CVSS: 7.2EPSS: 0%CPEs: 27EXPL: 1CVE-2014-8904 – AIX 7.1 - 'lquerylv' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-8904
lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. lquerylv en cmdlvm en IBM AIX 5.3, 6.1, y 7.1 and VIOS 2.2.x permite a usuarios locales ganar privilegios a través de un valor de variable del entorno DBGCMD_LQUERYLV manipulado. • https://www.exploit-db.com/exploits/38576 http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc http://secunia.com/advisories/62195 http://www.ibm.com/support/docview.wss?uid=isg1IV67907 http://www.ibm.com/support/docview.wss?uid=isg1IV67908 http://www.ibm.com/support/docview.wss?uid=isg1IV68070 http://www.ibm.com/support/docview.wss?uid=isg1IV68082 http://www.ibm.com/support/docview.wss? • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 97%CPEs: 147EXPL: 1CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocido como el problema "POODLE". A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc http://advisories.mageia.org/MGASA-2014-0416.html http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 http& • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2014-3074
https://notcve.org/view.php?id=CVE-2014-3074
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program. El enlazador en tiempo de ejecución en IBM AIX 6.1 y 7.1 y VIOS 2.2.x permite a usuarios locales crear un fichero propiedad de root modo 666, y como consecuencia ganar privilegios, mediante la configuración de valores variables de entorno MALLOCOPTIONS y MALLOCBUCKETS manipulados y luego la ejecución de un programa setuid. • http://aix.software.ibm.com/aix/efixes/security/malloc_advisory.asc http://packetstormsecurity.com/files/127390/IBM-AIX-Runtime-Linker-Privilege-Escalation.html http://seclists.org/fulldisclosure/2014/Jul/31 http://secunia.com/advisories/59344 http://www.ibm.com/support/docview.wss?uid=isg1IV60935 http://www.ibm.com/support/docview.wss?uid=isg1IV60940 http://www.ibm.com/support/docview.wss?uid=isg1IV61311 http://www.ibm.com/support/docview.wss?uid=isg1IV61313 http://www.ibm.com/suppo • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 19EXPL: 2CVE-2014-3977 – IBM AIX 6.1.8 - 'libodm' Arbitrary File Write
https://notcve.org/view.php?id=CVE-2014-3977
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179. libodm.a en IBM AIX 6.1 y 7.1, y VIOS 2.2.x, permite a usuarios locales sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico sobre un archivo temporal. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2012-2179. IBM AIX versions 6.1.8 and later suffer from a local privilege escalation vulnerability in libodm due to an arbitrary file write. • https://www.exploit-db.com/exploits/33725 http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html http://www.exploit-db.com/exploits/33725 http://www.ibm.com/support/docview.wss?uid=isg1IV60299 http://www.ibm.com/support/docview.wss?uid=isg1IV60303 http://www.ibm.com/support/docview.wss?uid=isg1IV60311 http://www.ibm.com/support/docview.wss?uid=isg1IV60312 http://www.ibm.com/supp • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.7EPSS: 0%CPEs: 13EXPL: 1CVE-2014-0930
https://notcve.org/view.php?id=CVE-2014-0930
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation. La llamada de sistema ptrace en IBM AIX 5.3, 6.1, y 7.1 y VIOS 2.2.x, permite a usuarios locales causar una denegación de servicio (caída de sistema) o obtener información sensible de la memoria del kernel a través de una operación PT_LDINFO manipulada. • http://aix.software.ibm.com/aix/efixes/security/ptrace_advisory.asc http://archives.neohapsis.com/archives/bugtraq/2014-05/0031.html http://www.ibm.com/support/docview.wss?uid=isg1IV58766 http://www.ibm.com/support/docview.wss?uid=isg1IV58840 http://www.ibm.com/support/docview.wss?uid=isg1IV58861 http://www.ibm.com/support/docview.wss?uid=isg1IV58888 http://www.ibm.com/support/docview.wss? •