cvelistv5 - CVE-2007-4622

CVE-2007-4622 (GCVE-0-2007-4622)

Vulnerability from cvelistv5

Published

2007-11-05 16:00

Modified

2024-08-07 15:01

Severity ?

CWE

Summary

Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig.

References

URL

Tags

cve@mitre.org	ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar	Patch
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=613
cve@mitre.org	http://secunia.com/advisories/27437	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1018871
cve@mitre.org	http://www.ibm.com/support/docview.wss?uid=isg1IZ05017
cve@mitre.org	http://www.securityfocus.com/bid/26262	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3669
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/38169
af854a3a-2127-422b-91ae-364da2661108	ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar	Patch
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=613
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27437	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018871
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=isg1IZ05017
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26262	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3669
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38169

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:01:09.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20071030 IBM AIX dig dns_name_fromtext Integer Underflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=613"
          },
          {
            "name": "26262",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26262"
          },
          {
            "name": "27437",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27437"
          },
          {
            "name": "IZ05017",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ05017"
          },
          {
            "name": "aix-dig-dnsnamefromtext-integer-underflow(38169)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38169"
          },
          {
            "name": "1018871",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018871"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar"
          },
          {
            "name": "ADV-2007-3669",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3669"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted \"-y\" (TSIG key) command line argument to dig."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20071030 IBM AIX dig dns_name_fromtext Integer Underflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=613"
        },
        {
          "name": "26262",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26262"
        },
        {
          "name": "27437",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27437"
        },
        {
          "name": "IZ05017",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ05017"
        },
        {
          "name": "aix-dig-dnsnamefromtext-integer-underflow(38169)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38169"
        },
        {
          "name": "1018871",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018871"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar"
        },
        {
          "name": "ADV-2007-3669",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3669"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4622",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted \"-y\" (TSIG key) command line argument to dig."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20071030 IBM AIX dig dns_name_fromtext Integer Underflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=613"
            },
            {
              "name": "26262",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26262"
            },
            {
              "name": "27437",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27437"
            },
            {
              "name": "IZ05017",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ05017"
            },
            {
              "name": "aix-dig-dnsnamefromtext-integer-underflow(38169)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38169"
            },
            {
              "name": "1018871",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018871"
            },
            {
              "name": "ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar",
              "refsource": "CONFIRM",
              "url": "ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar"
            },
            {
              "name": "ADV-2007-3669",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3669"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4622",
    "datePublished": "2007-11-05T16:00:00",
    "dateReserved": "2007-08-30T00:00:00",
    "dateUpdated": "2024-08-07T15:01:09.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4622\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-11-05T16:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted \\\"-y\\\" (TSIG key) command line argument to dig.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento inferior de entero en la funci\u00f3n dns_name_fromtext en (1) libdns_nonsecure.a y (2) libdns_secure.a de IBM AIX 5.2 permite a usuarios locales obtener privilegios mediante un argumento \\\"-y\\\" (TSIG key) manipulado en l\u00ednea de comandos en dig.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17EECCCB-D7D1-439A-9985-8FAE8B44487B\"}]}]}],\"references\":[{\"url\":\"ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=613\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27437\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018871\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IZ05017\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26262\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/3669\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38169\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=613\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27437\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1018871\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IZ05017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26262\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/3669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2007-4622

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-4622

Aliases

CVE-2007-4622

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-4622",
    "description": "Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted \"-y\" (TSIG key) command line argument to dig.",
    "id": "GSD-2007-4622"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-4622"
      ],
      "details": "Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted \"-y\" (TSIG key) command line argument to dig.",
      "id": "GSD-2007-4622",
      "modified": "2023-12-13T01:21:37.207964Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-4622",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted \"-y\" (TSIG key) command line argument to dig."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20071030 IBM AIX dig dns_name_fromtext Integer Underflow Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=613"
          },
          {
            "name": "26262",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26262"
          },
          {
            "name": "27437",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27437"
          },
          {
            "name": "IZ05017",
            "refsource": "AIXAPAR",
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ05017"
          },
          {
            "name": "aix-dig-dnsnamefromtext-integer-underflow(38169)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38169"
          },
          {
            "name": "1018871",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1018871"
          },
          {
            "name": "ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar",
            "refsource": "CONFIRM",
            "url": "ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar"
          },
          {
            "name": "ADV-2007-3669",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3669"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4622"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted \"-y\" (TSIG key) command line argument to dig."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20071030 IBM AIX dig dns_name_fromtext Integer Underflow Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=613"
            },
            {
              "name": "ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar"
            },
            {
              "name": "IZ05017",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ05017"
            },
            {
              "name": "26262",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/26262"
            },
            {
              "name": "1018871",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1018871"
            },
            {
              "name": "27437",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27437"
            },
            {
              "name": "ADV-2007-3669",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3669"
            },
            {
              "name": "aix-dig-dnsnamefromtext-integer-underflow(38169)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38169"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:33Z",
      "publishedDate": "2007-11-05T16:46Z"
    }
  }
}

fkie_cve-2007-4622

Vulnerability from fkie_nvd

Published

2007-11-05 16:46

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar	Patch
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=613
cve@mitre.org	http://secunia.com/advisories/27437	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1018871
cve@mitre.org	http://www.ibm.com/support/docview.wss?uid=isg1IZ05017
cve@mitre.org	http://www.securityfocus.com/bid/26262	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3669
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/38169
af854a3a-2127-422b-91ae-364da2661108	ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar	Patch
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=613
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27437	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018871
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=isg1IZ05017
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26262	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3669
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38169

Impacted products

	Vendor	Product	Version
	ibm	aix	5.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted \"-y\" (TSIG key) command line argument to dig."
    },
    {
      "lang": "es",
      "value": "Desbordamiento inferior de entero en la funci\u00f3n dns_name_fromtext en (1) libdns_nonsecure.a y (2) libdns_secure.a de IBM AIX 5.2 permite a usuarios locales obtener privilegios mediante un argumento \"-y\" (TSIG key) manipulado en l\u00ednea de comandos en dig."
    }
  ],
  "id": "CVE-2007-4622",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-11-05T16:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=613"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27437"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1018871"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ05017"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26262"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3669"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ05017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26262"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38169"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-r6ww-5h8f-3m8g

Vulnerability from github

Published

2022-05-03 03:18

Modified

2022-05-03 03:18

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-4622"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-11-05T16:46:00Z",
    "severity": "HIGH"
  },
  "details": "Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted \"-y\" (TSIG key) command line argument to dig.",
  "id": "GHSA-r6ww-5h8f-3m8g",
  "modified": "2022-05-03T03:18:24Z",
  "published": "2022-05-03T03:18:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4622"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38169"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=613"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27437"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1018871"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ05017"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26262"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3669"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2007-AVI-464

Vulnerability from certfr_avis

De multiples vulnérabilités dans IBM AIX permettent à une personne malveillante d'exécuter du code arbitraire à distance, de porter atteinte à l'intégrité des données et de contourner la politique de sécurité.

Description

De multiples vulnérabilités ont été identifiées dans IBM AIX :

Des vulnérabilités permettent à un individu malveillant l'exécution locale ou à distance de code arbitraire avec des privilèges d'administration ;
une vulnérabilité permet une atteinte à l'intégrité des données et un contournement de la politique de sécurité.

Contournement provisoire

Des correctifs temporaires ont été mis à disposition par IBM pour certaines des vulnérabilités. Ces correctifs peuvent parfois avoir certains effets de bord, il est recommandé de les tester avant un déploiement sur des systèmes en production.

Solution

Se référer au bulletin de sécurité de IBM pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	AIX	IBM AIX 5.3.
	IBM	AIX	IBM AIX 5.2 ;

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-4622 (GCVE-0-2007-4622)

Vulnerability from cvelistv5

gsd-2007-4622

Vulnerability from gsd

fkie_cve-2007-4622

Vulnerability from fkie_nvd

ghsa-r6ww-5h8f-3m8g

Vulnerability from github

CERTA-2007-AVI-464

Vulnerability from certfr_avis

Description

Contournement provisoire

Solution

Tags

Sightings

Nomenclature