CVE-2009-2727 – ToolTalk - rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX)
https://notcve.org/view.php?id=CVE-2009-2727
Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.
• https://www.exploit-db.com/exploits/16930
• http://aix.software.ibm.com/aix/efixes/security/libtt_advisory.asc
• http://risesecurity.org/advisories/RISE-2009001.txt
• http://secunia.com/advisories/35505
• http://www.ibm.com/support/docview.wss?uid=isg1IZ52842
• http://www.ibm.com/support/docview.wss?uid=isg1IZ52843
• http://www.ibm.com/support/docview.wss?uid=isg1IZ52844
• http://www.ibm.com/support/docview.wss?uid=isg1IZ52845
• http://www.ibm.com/support/docview.wss?
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1355
https://notcve.org/view.php?id=CVE-2009-1355
Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename.
• http://aix.software.ibm.com/aix/efixes/security/muxatmd_advisory.asc
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=784
• http://secunia.com/advisories/34662
• http://www.ibm.com/support/docview.wss?uid=isg1IZ48495
• http://www.ibm.com/support/docview.wss?uid=isg1IZ48496
• http://www.ibm.com/support/docview.wss?uid=isg1IZ48499
• http://www.ibm.com/support/docview.wss?
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0536
https://notcve.org/view.php?id=CVE-2009-0536
at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.
• http://aix.software.ibm.com/aix/efixes/security/at_advisory.asc
• http://osvdb.org/51952
• http://secunia.com/advisories/33915
• http://www.ibm.com/support/docview.wss?uid=isg1IZ43452
• http://www.ibm.com/support/docview.wss?uid=isg1IZ43453
• http://www.ibm.com/support/docview.wss?uid=isg1IZ43454
• http://www.ibm.com/support/docview.wss?uid=isg1IZ43455
• http://www.ibm.com/support/docview.wss?
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2009-0370
https://notcve.org/view.php?id=CVE-2009-0370
Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."
• http://aix.software.ibm.com/aix/efixes/security/rmsock_advisory.asc
• http://www.ibm.com/support/docview.wss?uid=isg1IZ40386
• http://www.ibm.com/support/docview.wss?uid=isg1IZ41510
• http://www.ibm.com/support/docview.wss?uid=isg1IZ41593
• http://www.ibm.com/support/docview.wss?uid=isg1IZ41599
• http://www.ibm.com/support/docview.wss?
CVE-2007-6717
https://notcve.org/view.php?id=CVE-2007-6717
Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors.
• http://secunia.com/advisories/27437
• http://www.ibm.com/support/docview.wss?uid=isg1IZ03054
• http://www.ibm.com/support/docview.wss?uid=isg1IZ03060
• http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?path=/200710/SECURITY/20071030/datafile110126&mode=7&heading=AIX53
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45651
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5988
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer