7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.3 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.
securitytracker.com/id?1019604
www.ibm.com/support/docview.wss?uid=isg1IZ16975
www.ibm.com/support/docview.wss?uid=isg1IZ16991
www.ibm.com/support/docview.wss?uid=isg1IZ17058
www.ibm.com/support/docview.wss?uid=isg1IZ17059
www.vupen.com/english/advisories/2008/0865
www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4156
www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4157
www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4158
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5468