Vulnerability CVE-2016-6079


Published: 2017-02-15   Modified: 2017-09-02

Description:
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Privilege Escalation
Hector X. Monseg...
08.11.2016

Vendor: IBM
Product: AIX 
Version:
7.2
7.1
6.1
5.3
Product: VIOS 
Version:
2.2.5.10
2.2.5.0
2.2.4.30
2.2.4.23
2.2.4.22
2.2.4.21
2.2.4.10
2.2.4.0
2.2.3.80
2.2.3.70
2.2.3.60
2.2.3.52
2.2.3.51
2.2.3.50
2.2.3.4
2.2.3.3
2.2.3.2
2.2.3.1
2.2.3.0
2.2.2.70
2.2.2.6
2.2.2.4
2.2.2.3
2.2.2.2
2.2.2.1
2.2.2.0
2.2.1.8
2.2.1.7
2.2.1.6
2.2.1.5
2.2.1.4
2.2.1.3
2.2.1.1
2.2.1.0
2.2.0.13
2.2.0.12
2.2.0.11
2.2.0.10
2.2.0.0

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://aix.software.ibm.com/aix/efixes/security/lquerylv_advisory.asc
http://www.securityfocus.com/bid/94090
http://www.securitytracker.com/id/1037256
https://www.exploit-db.com/exploits/40710/

Related CVE
CVE-2017-1538
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive information from an undocumented URL. IBM X-Force ID: 130735.
CVE-2017-1339
IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Server uses weak encryption for the password. A database administrator may be able to decrypt the IBM Spectrum protect client or administrator password which can result in information...
CVE-2017-1569
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779.
CVE-2017-1335
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2017-1359
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2017-1345
IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with...
CVE-2017-1324
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2017-1334
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

Copyright 2017, cxsecurity.com

 

Back to Top