CVE-2005-2236 - Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, migh

CVE-2005-2236

Summary

Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments.

References

http://securitytracker.com/id?1014132
http://www.caughq.org/advisories/CAU-2005-0003.txt
http://www.securityfocus.com/bid/13911

Vulnerable Configurations

cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 05-09-2008 - 20:51)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	13911
misc	http://www.caughq.org/advisories/CAU-2005-0003.txt
sectrack	1014132

Last major update

05-09-2008 - 20:51

Published

12-07-2005 - 04:00

Last modified

05-09-2008 - 20:51