The OVAL Repository
Schema version: 5.9
Timestamp: 2012-02-24T04:39:47.693-05:00

Title: IBM AIX "qosmod" Command Buffer Overflow Privilege Escalation Issue
Platform: IBM AIX 6.1
Description: Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
History: J. Daniel Brown; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: Stack-based buffer overflow in muxatmd.
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename.
History: Aharon Chernin; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: AIX NFSv4 nfs_portmon vulnerability
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.
History: Pai Peng; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: AIX NFSv4 Kerberos vulnerability
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.
History: Pai Peng; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: Buffer overflow in autoconf6.
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors.
History: Aharon Chernin; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 5300-00 through 5300-05 is installed
Platform: IBM AIX 5.3
Description: The operating system installed on the system is IBM AIX version 5300-00 through 5300-06.
History: Aharon Chernin; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: Malloc subsystem in libc in IBM AIX 5.3 and 6.1 vulnerability.
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
History: Aharon Chernin; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: WPAR system call implementation in the kernel in IBM AIX 6.1 denial of service.
Platform: IBM AIX 6.1
Description: The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."
History: Aharon Chernin; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: at allows local users to read arbitrary files.
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.
History: Aharon Chernin; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: Multiple unspecified vulnerabilities in IBM AIX rmsock.
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."
History: Aharon Chernin; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 5300-00 is installed
Platform: IBM AIX 5.3
Description: The operating system installed on the system is IBM AIX version 5300-00.
History: Aharon Chernin; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 5300-01 through 5300-06 is installed
Platform: IBM AIX 5.3
Description: The operating system installed on the system is IBM AIX version 5300-01 through 5300-06.
History: Aharon Chernin; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 'swcons' Insecure File Creation Vulnerability
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805.
History: Michael Wood; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1.
Platform: IBM AIX 6.1
Description: Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable.
History: Aharon Chernin; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: AIX uspchrp buffer overflow
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
History: Michael Wood; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX Kernel Buffer Overflow Lets Local Users Gain Elevated Privileges or Deny Service
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors.
History: Michael Wood; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX Buffer Overflow in errpt Command May Let Local Users Gain Elevated Privileges
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors.
History: Michael Wood; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: AIX pioout buffer overflow
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option.
History: Michael Wood; DRAFT; INTERIM; ACCEPTED; Aharon Chernin; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 5300-00 through 5300-05 is installed
Platform: IBM AIX 5.3
Description: The operating system installed on the system is IBM AIX version 5300-00 through 5300-05.
History: Aharon Chernin; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: crontab allows local users to gain privileges by launching an editor.
Platform: IBM AIX 6.1
Description: crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor.
History: Aharon Chernin; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: AIX utape buffer overflow
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
History: Michael Wood; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX lsmcode Environment Variable Bug Lets Local Users Gain Root Privileges
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.
History: Michael Wood; DRAFT; INTERIM; ACCEPTED; Michael Wood; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 'nddstat' Commands Let Local Users Gain Root Privileges
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.
History: Michael Wood; DRAFT; INTERIM; ACCEPTED; Michael Wood; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX Input Validation Flaw in iostat Command Lets Local Users Gain Root Privileges
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."
History: Michael Wood; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX "man" Untrusted Binaries Path Privilege Escalation Vulnerability
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory.
History: Yuzheng Zhou; DRAFT; INTERIM; ACCEPTED; Michael Wood; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 6.1 is installed
Platform: IBM AIX 6.1
Description: The operating system installed on the system is IBM AIX 6.1.
History: Michael Wood; Michael Wood; DRAFT; Michael Wood; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX Kernel Bugs Let Local Users Execute Arbitrary Code, Access Data, and Deny Service
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function.
History: Michael Wood; DRAFT; INTERIM; ACCEPTED; Michael Wood; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 5300-07 is installed
Platform: IBM AIX 5.3
Description: The operating system installed on the system is IBM AIX version 5300-07.
History: Michael Wood; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 6100-00 is installed
Platform: IBM AIX 6.1
Description: The operating system installed on the system is IBM AIX version 6100-00.
History: Michael Wood; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 5200-10 is installed
Platform: IBM AIX 5.2
Description: The operating system installed on the system is IBM AIX version 5200-10.
History: Michael Wood; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 5300-06 is installed
Platform: IBM AIX 5.3
Description: The operating system installed on the system is IBM AIX version 5300-06.
History: Michael Wood; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: AIX security vulnerabilities in sa_snap
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors.
History: Yamini Mohan R; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: AIX xntpd denial-of-service vulnerability
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
History: Yamini Mohan R; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 5300-08 is installed
Platform: IBM AIX 5.3
Description: The operating system installed on the system is IBM AIX version 5300-08.
History: Michael Wood; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: AIX rpc.pcnfsd integer overflow vulnerability.
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
History: Varun Narula; DRAFT; INTERIM; ACCEPTED; R, Yamini Mohan; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 5300-09 is installed
Platform: IBM AIX 5.3
Description: The operating system installed on the system is IBM AIX version 5300-09.
History: Aharon Chernin; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: AIX qoslist buffer overflow vulnerability.
Platform: IBM AIX 6.1
Description: Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
History: Varun Narula; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 6100-01 is installed
Platform: IBM AIX 6.1
Description: The operating system installed on the system is IBM AIX version 6100-01.
History: Aharon Chernin; DRAFT; Aharon Chernin; INTERIM; ACCEPTED
Status: ACCEPTED

Title: Vulnerability with DNSSEC validation enabled in BIND.
Platform: IBM AIX 6.1
Description: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
History: Varun Narula; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 6100-04 is installed
Platform: IBM AIX 6.1
Description: The operating system installed on the system is IBM AIX version 6100-04.
History: J. Daniel Brown; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 6100-03 is installed
Platform: IBM AIX 6.1
Description: The operating system installed on the system is IBM AIX version 6100-03.
History: J. Daniel Brown; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 6100-02 is installed
Platform: IBM AIX 6.1
Description: The operating system installed on the system is IBM AIX version 6100-02.
History: Aharon Chernin; DRAFT; Aharon Chernin; INTERIM; ACCEPTED
Status: ACCEPTED

Title: AIX OpenSSL session renegotiation vulnerability
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
History: Yamini Mohan R; DRAFT; INTERIM; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 5.3 is installed
Platform: IBM AIX 5.3
Description: The operating system installed on the system is IBM AIX 5.3.
History: Yuzheng Zhou; DRAFT; INTERIM; ACCEPTED; Michael Wood; INTERIM; Michael Wood; ACCEPTED
Status: ACCEPTED

Title: IBM AIX 5.2 is installed
Platform: IBM AIX 5.2
Description: The operating system installed on the system is IBM AIX 5.2.
History: Yuzheng Zhou; DRAFT; INTERIM; ACCEPTED; Michael Wood; INTERIM; Michael Wood; ACCEPTED
Status: ACCEPTED