CVE-2017-1093
https://notcve.org/view.php?id=CVE-2017-1093
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. IBM AIX 6.1, 7.1 y 7.2 podría permitir a un usuario local explotar una vulnerabilidad en el bellmail binario para obtener privilegios de root. • http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory2.asc http://www.securityfocus.com/bid/95891 http://www.securitytracker.com/id/1037748 •
CVE-2016-8972 – IBM AIX 6.1/7.1/7.2 - 'Bellmail' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-8972
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. IBM AIX 6.1, 7.1 y 7.2 podría permitir a un usuario local obtener privilegios de root utilizando un comando especialmente manipulado dentro del cliente de bellmail. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. IBM AIX versions 6.1, 7.1, and 7.2 suffer from a Bellmail privilege escalation vulnerability. • https://www.exploit-db.com/exploits/40950 http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc http://www.securityfocus.com/bid/94979 http://www.securitytracker.com/id/1037480 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-6038
https://notcve.org/view.php?id=CVE-2016-6038
Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL. Vulnerabilidad de salto de directorio en Eclipse Help en IBM Tivoli Lightweight Infrastructure (también conocido como LWI), tal como se utiliza en AIX 5.3, 6.1 y 7.1, permite a usuarios remotos autenticados leer archivos arbitrarios a través de una URL manipulada, • http://aix.software.ibm.com/aix/efixes/security/pconsole_mitigation.asc http://www.securityfocus.com/bid/93180 http://www.securitytracker.com/id/1036887 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2016-0266
https://notcve.org/view.php?id=CVE-2016-0266
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. IBM AIX 5.3, 6.1, 7.1 y 7.2 y VIOS 2.2.x no predetermina a la última versión TLS, lo que facilita a atacantes man-in-the-middle obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV86116 http://www-01.ibm.com/support/docview.wss?uid=swg1IV86117 http://www-01.ibm.com/support/docview.wss?uid=swg1IV86118 http://www-01.ibm.com/support/docview.wss?uid=swg1IV86119 http://www-01.ibm.com/support/docview.wss? • CWE-254: 7PK - Security Features •
CVE-2016-0281
https://notcve.org/view.php?id=CVE-2016-0281
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets. El controlador mustendd en IBM AIX 5.3, 6.1, 7.1 y 7.2 y VIOS 2.2.x, cuando la característica jumbo_frames no está habilitada, permite a atacantes remotos provocar una denegación de servicio (caída del adaptador FC1763 o FC5899) a través de paquetes manipulados. • http://aix.software.ibm.com/aix/efixes/security/mustendd_advisory.asc http://www-01.ibm.com/support/docview.wss?uid=swg1IV80569 http://www-01.ibm.com/support/docview.wss?uid=swg1IV81357 http://www-01.ibm.com/support/docview.wss?uid=swg1IV81459 http://www-01.ibm.com/support/docview.wss?uid=swg1IV82421 http://www-01.ibm.com/support/docview.wss? • CWE-20: Improper Input Validation •