ID CVE-2009-0370
Summary Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."
References
Vulnerable Configurations
  • cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:5.3.9:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:5.3.9:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 29-09-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2009-09-21T04:00:05.256-04:00
class vulnerability
contributors
name Aharon Chernin
organization DTCC
definition_extensions
  • comment IBM AIX 5200-10 is installed
    oval oval:org.mitre.oval:def:5076
  • comment IBM AIX 5300-00 is installed
    oval oval:org.mitre.oval:def:6195
  • comment IBM AIX 5300-01 through 5300-06 is installed
    oval oval:org.mitre.oval:def:5973
  • comment IBM AIX 5300-07 is installed
    oval oval:org.mitre.oval:def:5707
  • comment IBM AIX 5300-08 is installed
    oval oval:org.mitre.oval:def:5293
  • comment IBM AIX 5300-09 is installed
    oval oval:org.mitre.oval:def:6306
  • comment IBM AIX 6100-00 is installed
    oval oval:org.mitre.oval:def:5589
  • comment IBM AIX 6100-01 is installed
    oval oval:org.mitre.oval:def:5959
  • comment IBM AIX 6100-02 is installed
    oval oval:org.mitre.oval:def:5685
description Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."
family unix
id oval:org.mitre.oval:def:6028
status accepted
submitted 2009-08-07T08:18:16-04:00
title Multiple unspecified vulnerabilities in IBM AIX rmsock."
version 40
refmap via4
aixapar
  • IZ40386
  • IZ41510
  • IZ41593
  • IZ41599
  • IZ42785
  • IZ42786
  • IZ42787
  • IZ42788
bid 33522
confirm http://aix.software.ibm.com/aix/efixes/security/rmsock_advisory.asc
Last major update 29-09-2017 - 01:33
Published 30-01-2009 - 19:30
Back to Top