CVE-2010-1039 – rpc.pcnfsd - Remote Format String
https://notcve.org/view.php?id=CVE-2010-1039
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name. Vulnerabilidad de cadena de formato en la función _msgout en rpc.pcnfsd en AIX de IBM versiones 6.1, 5.3 y anteriores; VIOS de IBM versiones 2.1, 1.5 y anteriores; NFS/ONCplus versión B.11.31_09 y anteriores sobre HP-UX de HP versiones B.11.11, B.11.23 y B.11.31; y IRIX de SGI versión 6.5, permiten a los atacantes remotos ejecutar código arbitrario por medio de una petición RPC que contiene especificadores de cadena de formato en un nombre de directorio no comprobado. • https://www.exploit-db.com/exploits/14407 http://aix.software.ibm.com/aix/efixes/security/pcnfsd_advisory.asc http://marc.info/?l=bugtraq&m=127428077629933&w=2 http://osvdb.org/64729 http://secunia.com/advisories/39835 http://secunia.com/advisories/39911 http://securitytracker.com/id?1024016 http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html http://www.ibm.com/support/docview.wss?uid=isg1IZ73590 http://www.ibm.com/support/docview.wss?uid=isg1IZ735 • CWE-134: Use of Externally-Controlled Format String •
CVE-2009-3699 – AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 - Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-3699
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd. Desbordamiento de búfer basado en pila en libcsa.a (también conocido como biblioteca del demonio calendario (calendar daemon library)) en IBM AIX v5.x hasta v5.3.10 y v6.x hasta v6.1.3, y VIOS v2.1 y versiones anteriores, permite a atacantes remotos ejecutar código arbitrario a través de una cadena XDR larga en el primer argumento al procedimiento 21 de rpc.cmsd. • https://www.exploit-db.com/exploits/16929 http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=825 http://secunia.com/advisories/36978 http://securitytracker.com/id?1022996 http://www.ibm.com/support/docview.wss?uid=isg1IZ61628 http://www.ibm.com/support/docview.wss?uid=isg1IZ61717 http://www.ibm.com/support/docview.wss? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-4416
https://notcve.org/view.php?id=CVE-2006-4416
Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program. Vulnerabilidad de ruta de búsqueda no confiable en el comando mkvg en IBM AIX 5.2 y 5.3 permite a usuarios locales escalar privilegios modificando la ruta para apuntar a programas (1) chdev, (2) mkboot, (3) varyonvg, o (4) varyoffvg maliciosos. • ftp://aix.software.ibm.com/aix/efixes/security/README http://secunia.com/advisories/21620 http://secunia.com/advisories/22106 http://securitytracker.com/id?1016920 http://www-1.ibm.com/support/docview.wss?uid=isg1IY88699 http://www-1.ibm.com/support/docview.wss?uid=isg1IY88722 http://www-1.ibm.com/support/docview.wss?uid=isg1IY88737 http://www.securityfocus.com/bid/19708 http://www.securityfocus.com/bid/20197 http://www.vupen.com/english/advisories/2006/3389 http:/ •
CVE-2006-4254 – IBM AIX 5.3.0 - 'setlocale()' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2006-4254
Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors. Vulnerabilidad no especificada en setlocale en IBM AIX 5.1.0 hasta 5.3.0 permite a usuarios locales escalar privilegios a través de vectores no especificados. • https://www.exploit-db.com/exploits/4612 ftp://aix.software.ibm.com/aix/efixes/security/README http://secunia.com/advisories/21541 http://securitytracker.com/id?1016712 http://www-1.ibm.com/support/search.wss?rs=0&q=IY88183&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY88512&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY88528&apar=only http://www.osvdb.org/27996 http://www.securityfocus.com/bid/19578 http://www.vupen.com •
CVE-2006-2647
https://notcve.org/view.php?id=CVE-2006-2647
Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands. • http://secunia.com/advisories/20325 http://securitytracker.com/id?1016166 http://www-1.ibm.com/support/search.wss?rs=0&q=IY85517&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY85518&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY88524&apar=only http://www.securityfocus.com/bid/18114 http://www.vupen.com/english/advisories/2006/2007 •