cvelistv5 - cve-2008-5385

CVE-2008-5385 (GCVE-0-2008-5385)

Vulnerability from cvelistv5

Published

2008-12-09 00:00

Modified

2024-08-07 10:49

Severity ?

CWE

Summary

enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.

References

URL

Tags

cve@mitre.org	http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc
cve@mitre.org	http://osvdb.org/50217
cve@mitre.org	http://secunia.com/advisories/32916	Vendor Advisory
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088	Patch, Vendor Advisory
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481	Patch, Vendor Advisory
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/32493
cve@mitre.org	http://www.securitytracker.com/id?1021290
af854a3a-2127-422b-91ae-364da2661108	http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/50217
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32916	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32493
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021290

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:49:12.752Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "50217",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/50217"
          },
          {
            "name": "32916",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32916"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
          },
          {
            "name": "32493",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32493"
          },
          {
            "name": "IZ34481",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481"
          },
          {
            "name": "IZ33088",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088"
          },
          {
            "name": "IZ34785",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785"
          },
          {
            "name": "1021290",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021290"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-12-17T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "50217",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/50217"
        },
        {
          "name": "32916",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32916"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
        },
        {
          "name": "32493",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32493"
        },
        {
          "name": "IZ34481",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481"
        },
        {
          "name": "IZ33088",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088"
        },
        {
          "name": "IZ34785",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785"
        },
        {
          "name": "1021290",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021290"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5385",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "50217",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/50217"
            },
            {
              "name": "32916",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32916"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc",
              "refsource": "CONFIRM",
              "url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
            },
            {
              "name": "32493",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32493"
            },
            {
              "name": "IZ34481",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481"
            },
            {
              "name": "IZ33088",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088"
            },
            {
              "name": "IZ34785",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785"
            },
            {
              "name": "1021290",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1021290"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5385",
    "datePublished": "2008-12-09T00:00:00",
    "dateReserved": "2008-12-08T00:00:00",
    "dateUpdated": "2024-08-07T10:49:12.752Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-5385\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-12-09T00:30:00.440\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"enq en bos.rte.printers en IBM AIX v6.1.0 a la v6.1.2, cuando la cola de impresi\u00f3n est\u00e1 definida en /etc/qconfig, permite a usuarios locales eliminar ficheros de su elecci\u00f3n a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD518B94-9CD7-4C45-8766-578CF427B4CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"362CFB2F-817A-4E55-A315-86B6243E3F74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53544921-1C1A-4382-99D7-0F3011BA76DB\"}]}]}],\"references\":[{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/50217\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/32916\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/32493\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1021290\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/50217\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32916\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/32493\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1021290\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-cp83-5j4q-292w

Vulnerability from github

Published

2022-05-17 05:53

Modified

2022-05-17 05:53

Details

enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-5385"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-12-09T00:30:00Z",
    "severity": "MODERATE"
  },
  "details": "enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.",
  "id": "GHSA-cp83-5j4q-292w",
  "modified": "2022-05-17T05:53:13Z",
  "published": "2022-05-17T05:53:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5385"
    },
    {
      "type": "WEB",
      "url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/50217"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32916"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/32493"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021290"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2008-5385

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.

Aliases

CVE-2008-5385

Aliases

CVE-2008-5385

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-5385",
    "description": "enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.",
    "id": "GSD-2008-5385"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-5385"
      ],
      "details": "enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.",
      "id": "GSD-2008-5385",
      "modified": "2023-12-13T01:23:03.858071Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-5385",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "50217",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/50217"
          },
          {
            "name": "32916",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32916"
          },
          {
            "name": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc",
            "refsource": "CONFIRM",
            "url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
          },
          {
            "name": "32493",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/32493"
          },
          {
            "name": "IZ34481",
            "refsource": "AIXAPAR",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481"
          },
          {
            "name": "IZ33088",
            "refsource": "AIXAPAR",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088"
          },
          {
            "name": "IZ34785",
            "refsource": "AIXAPAR",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785"
          },
          {
            "name": "1021290",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1021290"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5385"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "IZ34481",
              "refsource": "AIXAPAR",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481"
            },
            {
              "name": "1021290",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021290"
            },
            {
              "name": "IZ33088",
              "refsource": "AIXAPAR",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088"
            },
            {
              "name": "IZ34785",
              "refsource": "AIXAPAR",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785"
            },
            {
              "name": "32916",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32916"
            },
            {
              "name": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
            },
            {
              "name": "50217",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/50217"
            },
            {
              "name": "32493",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/32493"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2008-12-17T06:40Z",
      "publishedDate": "2008-12-09T00:30Z"
    }
  }
}

CERTA-2008-AVI-594

Vulnerability from certfr_avis

Plusieurs vulnérabilités sont présentes dans IBM AIX et permettent à un utilisateur local malintentionné d'élever ses privilèges et de porter atteinte à l'intégrité des données.

Description

Plusieurs vulnérabilités permettant à un utilisateur local d'élever ses privilèges sont présentes dans le système d'exploitation IBM AIX :

la première est relative à la commande /usr/sbin/ndp qui présente une erreur de type débordement de mémoire si le service netcd est lancé ;
la seconde concerne la commande /usr/sbin/autoconf6 qui présente une erreur de type débordement de mémoire et peut être exploitée si la fonction RBAC est utilisée et que l'attaquant possède la permission :
aix.network.config.tcpip ;
la troisième est relative à la commande /usr/bin/enq qui permet, sous certaines conditions, de supprimer des fichiers du système ;
la dernière concerne la commande /usr/bin/crontab qui permet, sous certaines conditions, de donner des privilèges élevés à l'éditeur qu'il appelle.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IBM AIX 6.1.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

fkie_cve-2008-5385

Vulnerability from fkie_nvd

Published

2008-12-09 00:30

Modified

2025-04-09 00:30

Severity ?

Summary

enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc
cve@mitre.org	http://osvdb.org/50217
cve@mitre.org	http://secunia.com/advisories/32916	Vendor Advisory
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088	Patch, Vendor Advisory
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481	Patch, Vendor Advisory
cve@mitre.org	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785	Patch, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/32493
cve@mitre.org	http://www.securitytracker.com/id?1021290
af854a3a-2127-422b-91ae-364da2661108	http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/50217
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32916	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/32493
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021290

Impacted products

Vendor	Product	Version
ibm	aix	6.1
ibm	aix	6.1.1
ibm	aix	6.1.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "362CFB2F-817A-4E55-A315-86B6243E3F74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53544921-1C1A-4382-99D7-0F3011BA76DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "enq en bos.rte.printers en IBM AIX v6.1.0 a la v6.1.2, cuando la cola de impresi\u00f3n est\u00e1 definida en /etc/qconfig, permite a usuarios locales eliminar ficheros de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2008-5385",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-12-09T00:30:00.440",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/50217"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32916"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32493"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021290"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://aix.software.ibm.com/aix/efixes/security/aix61_advisory.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/50217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ33088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ34785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32493"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021290"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-5385 (GCVE-0-2008-5385)

Vulnerability from cvelistv5

ghsa-cp83-5j4q-292w

Vulnerability from github

gsd-2008-5385

Vulnerability from gsd

CERTA-2008-AVI-594

Vulnerability from certfr_avis

Description

Solution

fkie_cve-2008-5385

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature