Aix Security Vulnerabilities - January
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
7.9AI Score
0.017EPSS
7.3AI Score
0.005EPSS
mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow.
7.2AI Score
0.005EPSS
namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.
7.3AI Score
0.005EPSS
7.3AI Score
0.005EPSS
Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument.
6.5AI Score
0.005EPSS
7.3AI Score
0.004EPSS
clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.
7.2AI Score
0.0004EPSS
Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames.
7AI Score
0.002EPSS
Unknown vulnerability in DCE (1) SMIT panels and (2) configuration commands, possibly related to relative pathnames.
7AI Score
0.003EPSS
IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers.
6.5AI Score
0.051EPSS
Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.
7.9AI Score
0.004EPSS
Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called."
7.9AI Score
0.0004EPSS
dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files.
6.5AI Score
0.0004EPSS
Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code.
7.8AI Score
0.0004EPSS
Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump).
7.1AI Score
0.011EPSS
Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code.
7.9AI Score
0.02EPSS
Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attackers to execute arbitrary code, related to a "variable data type."
7.6AI Score
0.005EPSS
7.3AI Score
0.002EPSS
Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable.
6.9AI Score
0.0004EPSS
Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow.
6.9AI Score
0.008EPSS
Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225.
6.9AI Score
0.002EPSS
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a differ...
9.8AI Score
0.966EPSS
The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary...
7.2AI Score
0.003EPSS
The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities.
6.7AI Score
0.01EPSS
Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors.
6.8AI Score
0.013EPSS
Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges.
6.8AI Score
0.0004EPSS
IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail.
4.4AI Score
0.007EPSS
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
6.8AI Score
0.006EPSS
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
7.7AI Score
0.052EPSS
The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion).
6.8AI Score
0.004EPSS
Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges.
6.8AI Score
0.001EPSS
Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers.
7.2AI Score
0.006EPSS
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
6.2AI Score
0.02EPSS
Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges.
7.3AI Score
0.0004EPSS
Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors.
6.6AI Score
0.001EPSS
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.
7.3AI Score
0.002EPSS
Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.
7.3AI Score
0.852EPSS
Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands.
6.8AI Score
0.0004EPSS
LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack.
6.4AI Score
0.0004EPSS
The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files.
6.3AI Score
0.0004EPSS
Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.
6.8AI Score
0.0004EPSS
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.
6.4AI Score
0.0004EPSS
Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.
7.2AI Score
0.0004EPSS
Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username.
7.9AI Score
0.0004EPSS
Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument.
7AI Score
0.0004EPSS
rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.
6.8AI Score
0.003EPSS
The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002.
7.1AI Score
0.006EPSS
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
7AI Score
0.0004EPSS
Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing an error message.
7.5AI Score
0.001EPSS