fkie_cve-2009-0536
Vulnerability from fkie_nvd
Published
2009-02-11 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.
References
cve@mitre.orghttp://aix.software.ibm.com/aix/efixes/security/at_advisory.ascExploit, Patch, Vendor Advisory
cve@mitre.orghttp://osvdb.org/51952
cve@mitre.orghttp://secunia.com/advisories/33915
cve@mitre.orghttp://www.ibm.com/support/docview.wss?uid=isg1IZ43452Vendor Advisory
cve@mitre.orghttp://www.ibm.com/support/docview.wss?uid=isg1IZ43453Vendor Advisory
cve@mitre.orghttp://www.ibm.com/support/docview.wss?uid=isg1IZ43454Vendor Advisory
cve@mitre.orghttp://www.ibm.com/support/docview.wss?uid=isg1IZ43455Vendor Advisory
cve@mitre.orghttp://www.ibm.com/support/docview.wss?uid=isg1IZ43456Vendor Advisory
cve@mitre.orghttp://www.ibm.com/support/docview.wss?uid=isg1IZ43457Vendor Advisory
cve@mitre.orghttp://www.ibm.com/support/docview.wss?uid=isg1IZ43458Vendor Advisory
cve@mitre.orghttp://www.ibm.com/support/docview.wss?uid=isg1IZ43459Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/33730Patch
cve@mitre.orghttp://www.securitytracker.com/id?1021704
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/0405
cve@mitre.orghttp://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4558Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/48660
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6155
af854a3a-2127-422b-91ae-364da2661108http://aix.software.ibm.com/aix/efixes/security/at_advisory.ascExploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/51952
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33915
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=isg1IZ43452Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=isg1IZ43453Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=isg1IZ43454Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=isg1IZ43455Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=isg1IZ43456Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=isg1IZ43457Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=isg1IZ43458Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=isg1IZ43459Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/33730Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021704
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0405
af854a3a-2127-422b-91ae-364da2661108http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4558Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/48660
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6155
Impacted products
Vendor Product Version
ibm aix 5.2.0
ibm aix 5.3.0
ibm aix 5.3.7
ibm aix 5.3.8
ibm aix 5.3.9
ibm aix 6.1.0
ibm aix 6.1.1
ibm aix 6.1.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:aix:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A7DBFF-B11B-47EC-9E52-C12B156739D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6DE57C2-E728-4016-9774-28FB4B0509AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B11497-5622-4759-906A-A93A3E815584",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F9CD013-D904-45DF-AD43-493A22D5744B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:5.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "307B47F5-D903-4763-A353-2538AFD6C9CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF417123-CCB6-48AF-A21B-1974173D516B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "362CFB2F-817A-4E55-A315-86B6243E3F74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "53544921-1C1A-4382-99D7-0F3011BA76DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges."
    },
    {
      "lang": "es",
      "value": "at en bos.rte.cron sobre IBM AIX v5.2.0, v5.3.0 a la v 5.3.9 y de la v6.1.0 a la 6.1.2, permite a usuarios locales leer ficheros de su elecci\u00f3n a trav\u00e9s de vectores sin especificar, relacionado con el fallo al quitar privilegios de root (administrador)."
    }
  ],
  "id": "CVE-2009-0536",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-02-11T20:30:00.640",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://aix.software.ibm.com/aix/efixes/security/at_advisory.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/51952"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33915"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43452"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43453"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43454"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43455"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43456"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43457"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43458"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43459"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/33730"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021704"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/0405"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4558"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48660"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6155"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://aix.software.ibm.com/aix/efixes/security/at_advisory.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/51952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43454"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43458"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/33730"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6155"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.