CVE-2005-0261 - lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing th

CVE-2005-0261

Summary

lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.

References

http://secunia.com/advisories/14232
http://www.idefense.com/application/poi/display?id=195&type=vulnerabilities
http://www.securityfocus.com/bid/12513
http://www-1.ibm.com/support/search.wss?rs=0&q=IY67457&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY67655&apar=only
https://exchange.xforce.ibmcloud.com/vulnerabilities/19281

Vulnerable Configurations

cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

aixapar	IY67457 IY67655
bid	12513
idefense	20050210 IBM AIX lspath Local File Access Vulnerability
secunia	14232
xf	ibm-aix-ispath-information-disclosure(19281)

Last major update

11-07-2017 - 01:32

Published

10-02-2005 - 05:00

Last modified

11-07-2017 - 01:32