CVE-2009-0370

Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://aix.software.ibm.com/aix/efixes/security/rmsock_advisory.asc
http://www.ibm.com/support/docview.wss?uid=isg1IZ40386	Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ41510	Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ41593
http://www.ibm.com/support/docview.wss?uid=isg1IZ41599	Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ42785	Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ42786	Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ42787	Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ42788	Patch
http://www.securityfocus.com/bid/33522	Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6028

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ibm:aix:5.2:::::::*
	cpe:2.3:o:ibm:aix:5.2.2:::::::*
	cpe:2.3:o:ibm:aix:5.2_l:::::::*
	cpe:2.3:o:ibm:aix:5.3:::::::*
	cpe:2.3:o:ibm:aix:5.3.7:::::::*
	cpe:2.3:o:ibm:aix:5.3.8:::::::*
	cpe:2.3:o:ibm:aix:5.3.9:::::::*
	cpe:2.3:o:ibm:aix:5.3_l:::::::*
	cpe:2.3:o:ibm:aix:6.1:::::::*
	cpe:2.3:o:ibm:aix:6.1.1:::::::*
	cpe:2.3:o:ibm:aix:6.1.2:::::::*

History

No history.

Information

Published : 2009-01-30 19:30

Updated : 2023-12-10 10:51

NVD link : CVE-2009-0370

Mitre link : CVE-2009-0370

CVE.ORG link : CVE-2009-0370

JSON object : View

Products Affected

ibm

aix

CWE

NVD-CWE-noinfo

{"id": "CVE-2009-0370", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-01-30T19:30:00.343", "references": [{"url": "http://aix.software.ibm.com/aix/efixes/security/rmsock_advisory.asc", "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ40386", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ41510", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ41593", "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ41599", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ42785", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ42786", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ42787", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ42788", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/33522", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6028", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating \"secure log files.\""}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en IBM AIX v5.2.0 hasta v6.1.2; permiten a usuarios locales incluir datos en ficheros arbitrarios. Est\u00e1 relacionado con (1) rmsock y (2) rmsock64 que no crean \"ficheros de log seguros.\""}], "lastModified": "2017-09-29T01:33:46.637", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B"}, {"criteria": "cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBD01F19-4B30-4147-AC48-7F5C64EE80CD"}, {"criteria": "cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "104E5C14-6D87-494B-8D60-0443ADDCD31A"}, {"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507"}, {"criteria": "cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57B11497-5622-4759-906A-A93A3E815584"}, {"criteria": "cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F9CD013-D904-45DF-AD43-493A22D5744B"}, {"criteria": "cpe:2.3:o:ibm:aix:5.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "307B47F5-D903-4763-A353-2538AFD6C9CD"}, {"criteria": "cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "435340B0-AD02-4174-BC7F-6A7C222A7F6D"}, {"criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF"}, {"criteria": "cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "362CFB2F-817A-4E55-A315-86B6243E3F74"}, {"criteria": "cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53544921-1C1A-4382-99D7-0F3011BA76DB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}