CVE-2013-4011 - Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.

CVE-2013-4011

Summary

Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.

References

Vulnerable Configurations

cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:vios:2.2.2.2:fp-26_sp-02:*:*:*:*:*:*
cpe:2.3:o:ibm:vios:2.2.2.2:fp-26_sp-02:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 19-09-2017 - 01:36)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

oval via4

accepted

2014-01-06T04:00:15.684-05:00

class

vulnerability

contributors

name	Chandan M C
organization	Hewlett-Packard

definition_extensions

comment IBM AIX 6100-06 is installed
oval oval:org.mitre.oval:def:19197
comment IBM AIX 6100-07 is installed
oval oval:org.mitre.oval:def:19105
comment IBM AIX 6100-08 is installed
oval oval:org.mitre.oval:def:19215
comment IBM AIX 7100-00 is installed
oval oval:org.mitre.oval:def:19195
comment IBM AIX 7100-01 is installed
oval oval:org.mitre.oval:def:19029
comment IBM AIX 7100-02 is installed
oval oval:org.mitre.oval:def:19343

description

family

unix

oval:org.mitre.oval:def:19167

status

accepted

submitted

2013-11-18T10:06:56.357-05:00

title

Security Vulnerabilities in AIX InfiniBand

version

refmap via4

aixapar	IV43561 IV43562 IV43580 IV43582 IV43756 IV43827
bid	61287
confirm	http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc
osvdb	95419 95420
sectrack	1028792
secunia	54215
xf	aix-cve20134011-infiniband(85617)

Last major update

19-09-2017 - 01:36

Published

18-07-2013 - 16:51

Last modified

19-09-2017 - 01:36