CVE-2007-4353 - Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root

CVE-2007-4353

Summary

Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods.

References

ftp://aix.software.ibm.com/aix/efixes/security/README
http://secunia.com/advisories/26420
http://www.securityfocus.com/bid/25270
http://www.securitytracker.com/id?1018549
http://www.vupen.com/english/advisories/2007/2860
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00531
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01433
https://exchange.xforce.ibmcloud.com/vulnerabilities/35971

Vulnerable Configurations

cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*

CVSS

Base:	6.9 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:M/Au:N/C:C/I:C/A:C

refmap via4

aixapar	IZ00531 IZ01433
bid	25270
confirm	ftp://aix.software.ibm.com/aix/efixes/security/README
sectrack	1018549
secunia	26420
vupen	ADV-2007-2860
xf	aix-chpath-rmpath-devinstall-bo(35971)

Last major update

29-07-2017 - 01:32

Published

15-08-2007 - 00:17

Last modified

29-07-2017 - 01:32