CVE-2008-0584
https://notcve.org/view.php?id=CVE-2008-0584
Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) swap, (2) swapoff, and (3) swapon programs. Múltiples desbordamientos de búfer en bos.rte.contro. en IBM AIX 5.2 y 5.3 permiten a usuarios locales conseguir privilegios a través de vector no especificados relativos a los programas (1)swap, (2) swapoff, y (3) swapon. • http://secunia.com/advisories/28609 http://www.ibm.com/support/docview.wss?uid=isg1IY96095 http://www.ibm.com/support/docview.wss?uid=isg1IY96101 http://www.securityfocus.com/bid/27432 http://www.vupen.com/english/advisories/2008/0261 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4064 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5744 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-0585
https://notcve.org/view.php?id=CVE-2008-0585
sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to "alter the behavior of" this client by overwriting these files. sysmgt.websm.webaccess en IBM AIX 5.2 y 5.3 tiene permisos de escritura para ficheros no espedificados del cliente remoto WebSM, lo cual permite a usuarios locales "cambiar el comportamiento" de este cliente sobrescribiendo esos ficheros. • http://secunia.com/advisories/28609 http://www.ibm.com/support/docview.wss?uid=isg1IY97257 http://www.securityfocus.com/bid/27433 http://www.vupen.com/english/advisories/2008/0261 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4066 https://exchange.xforce.ibmcloud.com/vulnerabilities/39906 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-5764
https://notcve.org/view.php?id=CVE-2007-5764
Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option. Desbordamiento de búfer en el programa pioout de printers.rte en IBM AIX 5.2, 5.3, y 6.1 permite a usuarios locales obtener privilegios mediante una opción larga de línea de comando. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=648 http://secunia.com/advisories/28609 http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10840 http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10841 http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10842 http://www-1.ibm.com/support/docview.wss? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-5805
https://notcve.org/view.php?id=CVE-2007-5805
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804. cfgcon de IBM AIX 5.2 and 5.3 no valida apropiadamente el argumento de la opción "-p" en swcons, lo cual permite a usuarios locales en el grupo del sistema crear un fichero de su elección, y habilitar la escritura de todos en este fichero, a través de un enlace simbólico involucrando el uso del nombre del fichero como argumento. NOTA: este asunto se debe a un parche incompleto para CVE-2007-5804. • ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611 http://secunia.com/advisories/27437 http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055 http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061 http://www.securityfocus.com/bid/26258 http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405 https://exchange.xforce.ibmcloud. • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2007-5804
https://notcve.org/view.php?id=CVE-2007-5804
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument. cfgcon en IBM AIX 5.2 y 5.3 no valida adecuadamente el argumento de la opción "-p" a swcons, lo cual permite a usuarios locales del grupo sysmtem crear o sobrescribir ficheros de su elección, y habilitar el fichero para escritura para todo el mundo, utilizando el nombre de fichero como argumento. • ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611 http://secunia.com/advisories/27437 http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055 http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061 http://www.securityfocus.com/bid/26258 http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405 https://exchange.xforce.ibmcloud. •