Vulnerability CVE-2016-6079


Published: 2017-02-15

Description:
IBM AIX 5.3, 6.1, 7.1, and 7.2 contain an unspecified vulnerability that would allow a locally authenticated user to obtain root-level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.

See advisories in our WLB2 database:
Topic: IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Privilege Escalation (Med.)
Author: Hector X. Monseg...
Date: 08.11.2016

Vendor: IBM
Product: AIX
Version: 7.2, 7.1, 6.1, 5.3
Product: VIOS
Version: 2.2.5.10, 2.2.5.0, 2.2.4.30, 2.2.4.23, 2.2.4.22, 2.2.4.21, 2.2.4.10, 2.2.4.0, 2.2.3.80, 2.2.3.70, 2.2.3.60, 2.2.3.52, 2.2.3.51, 2.2.3.50, 2.2.3.4, 2.2.3.3, 2.2.3.2, 2.2.3.1, 2.2.3.0, 2.2.2.70, 2.2.2.6, 2.2.2.4, 2.2.2.3, 2.2.2.2, 2.2.2.1, 2.2.2.0, 2.2.1.8, 2.2.1.7, 2.2.1.6, 2.2.1.5, 2.2.1.4, 2.2.1.3, 2.2.1.1, 2.2.1.0, 2.2.0.13, 2.2.0.12, 2.2.0.11, 2.2.0.10, 2.2.0.0

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

References:
http://aix.software.ibm.com/aix/efixes/security/lquerylv_advisory.asc
http://www.securityfocus.com/bid/94090
http://www.securitytracker.com/id/1037256
https://www.exploit-db.com/exploits/40710/

Related CVE
CVE-2018-1920: IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X...
CVE-2018-1424: IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM ...
CVE-2018-1730: IBM QRadar SIEM 7.2 and 7.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147709...
CVE-2018-1905: IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory reso...
CVE-2018-1779: IBM API Connect 2018.1 through 2018.3.7 could allow an unauthenticated attacker to cause a denial of service due to not setting limits on JSON payload size. IBM X-Force ID: 148802.
CVE-2018-1643: The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona...
CVE-2018-1808: IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828.
CVE-2018-1792: IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. IBM X-Force ID: 148947.

Copyright 2018, cxsecurity.com