3 matches found
AIX 5.3 TL 7 : at (IZ43454)
The at command does not drop permissions when reading certain files. A local attacker may exploit this error to read any file on the system because the command is setuid root. The following file is vulnerable : /usr/bin/at. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text in the...
CVE-2009-0536
at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges...
CVE-2009-0536
CVE-2009-0536 affects IBM AIX: the at utility (in /usr/bin/at) within bos.rte.cron does not drop root privileges when reading certain files, allowing a local user to read arbitrary files. Affected AIX versions include 5.2.0, 5.3.0–5.3.9, and 6.1.0–6.1.2. The issue is tied to setuid root behavior ...