IBM AIX rmsock SetUID Binary Information Leak

Summary An exploitable kernel memory leak vulnerability is exposed by the rmsock setUID functionality of IBM AIX 6.1 and IBM AIX 7.1. A specially crafted command line can cause a kernel memory leak, resulting in uninitialized kernel memory being exposed. An attacker can execute rmuser with an...

Security Bulletin: Vulnerability in rmsock affects AIX (CVE-2018-1655)

Summary There is a vulnerability in the rmsock command that affects AIX. Vulnerability Details CVEID: CVE-2018-1655 DESCRIPTION: IBM AIX contains a vulnerability in the rmsock command that may be used to expose kernel memory. CVSS Base Score: 4 CVSS Temporal Score: See...

AIX rmsock Advisory : rmsock_advisory2.asc (IJ06904) (IJ06905) (IJ06906) (IJ06907) (IJ06908) (IJ06934) (IJ06935)

The version of the rmsock command installed on the remote AIX host is affected by an information disclosure vulnerability. An unauthenticated, local attacker can exploit this and potentially expose kernel memory. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid110777;...

Design/Logic Flaw

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748...

CVE-2018-1655

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748...

CVE-2018-1655

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748...

CVE-2018-1655

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748...

CVE-2018-1655

CVE-2018-1655 affects IBM AIX rmsock in AIX 5.3, 6.1, 7.1, 7.2 (and VIOS 2.2.x). The rmsock setUID binary can leak uninitialized kernel memory when handling crafted socket addresses, enabling an information disclosure via kernel memory exposure. TALOS confirms a kernel memory leak vulnerability e...

CVE-2018-1655

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748. Recent assessments: timb-machine at March 05, 2021 12:31am UTC reported: This bug is trivial to exploit but time consuming to gain useful advantage. Each...

IBM AIX Information Disclosure Vulnerability (CNVD-2018-12113)

IBM AIX Advanced Interactive eXecutive is a UNIX operating system developed by IBM. A security vulnerability exists in the rmsock command in IBM AIX. An attacker can exploit this vulnerability to disclose kernel memory...

Vulnerability in rmsock affects AIX (CVE-2018-1655),Vulnerability in rmsock affects VIOS (CVE-2018-1655)

IBM SECURITY ADVISORY First Issued: Thu Jun 21 14:07:15 CDT 2018 |Updated: Tue Jul 3 08:09:45 CDT 2018 |Update: Additional iFixes are now available. Additional iFixes are now available | for: | AIX 6100-09-09 and 6100-09-10 | AIX 7100-04-04 and 7100-04-05 | AIX 7100-05-00 and 7100-05-01 | AIX...

IBM AIX rmsock及rmsock64工具日志文件本地权限提升漏洞

IBM AIX是一款商业性质的UNIX操作系统。 IBM AIX系统中的rmsock及rmsock64工具实现上存在漏洞，可能允许本地攻击者利用此漏洞提升自己的权限。 rmsock及rmsock64工具没有以安全的方式创建日志文件，本地攻击者可能利用此漏洞向任意系统文件添加数据，导致权限提升。 IBM AIX 6.x IBM AIX 5.x 厂商补丁： IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://aix.software.ibm.com/aix/efixes/security/rmsockfix.tar...

Code injection

Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to 1 rmsock and 2 rmsock64 not creating "secure log files."...

CVE-2009-0370

Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to 1 rmsock and 2 rmsock64 not creating "secure log files."...