PRIOn knowledge basePRION:CVE-2008-1599Code injection
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.
References
securitytracker.com/id?1019604
www.ibm.com/support/docview.wss?uid=isg1IZ16975
www.ibm.com/support/docview.wss?uid=isg1IZ16991
www.ibm.com/support/docview.wss?uid=isg1IZ17058
www.ibm.com/support/docview.wss?uid=isg1IZ17059
www.vupen.com/english/advisories/2008/0865
www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4156
www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4157
www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4158
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5468
Related
