CVE-2007-4238 - AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with

CVE-2007-4238

Summary

AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit.

References

http://osvdb.org/36782
http://secunia.com/advisories/26219
http://securitytracker.com/id?1018468
http://www.vupen.com/english/advisories/2007/2678
http://www-1.ibm.com/support/docview.wss?uid=isg1IY79785
http://www-1.ibm.com/support/docview.wss?uid=isg1IY79786

Vulnerable Configurations

cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*

CVSS

Base:	6.9 (as of 08-03-2011 - 02:58)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:M/Au:N/C:C/I:C/A:C

refmap via4

aixapar	IY79785 IY79786
osvdb	36782
sectrack	1018468
secunia	26219
vupen	ADV-2007-2678

Last major update

08-03-2011 - 02:58

Published

08-08-2007 - 22:17

Last modified

08-03-2011 - 02:58