CVE-2009-0536

at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://aix.software.ibm.com/aix/efixes/security/at_advisory.asc	Exploit Patch Vendor Advisory
http://osvdb.org/51952
http://secunia.com/advisories/33915
http://www.ibm.com/support/docview.wss?uid=isg1IZ43452	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ43453	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ43454	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ43455	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ43456	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ43457	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ43458	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ43459	Vendor Advisory
http://www.securityfocus.com/bid/33730	Patch
http://www.securitytracker.com/id?1021704
http://www.vupen.com/english/advisories/2009/0405
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4558	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/48660
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6155

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ibm:aix:5.2.0:::::::*
	cpe:2.3:o:ibm:aix:5.3.0:::::::*
	cpe:2.3:o:ibm:aix:5.3.7:::::::*
	cpe:2.3:o:ibm:aix:5.3.8:::::::*
	cpe:2.3:o:ibm:aix:5.3.9:::::::*
	cpe:2.3:o:ibm:aix:6.1.0:::::::*
	cpe:2.3:o:ibm:aix:6.1.1:::::::*
	cpe:2.3:o:ibm:aix:6.1.2:::::::*

History

No history.

Information

Published : 2009-02-11 20:30

Updated : 2023-12-10 10:51

NVD link : CVE-2009-0536

Mitre link : CVE-2009-0536

CVE.ORG link : CVE-2009-0536

JSON object : View

Products Affected

ibm

aix

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2009-0536", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-02-11T20:30:00.640", "references": [{"url": "http://aix.software.ibm.com/aix/efixes/security/at_advisory.asc", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/51952", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33915", "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43452", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43453", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43454", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43455", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43456", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43457", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43458", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43459", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/33730", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1021704", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/0405", "source": "cve@mitre.org"}, {"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4558", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48660", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6155", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges."}, {"lang": "es", "value": "at en bos.rte.cron sobre IBM AIX v5.2.0, v5.3.0 a la v 5.3.9 y de la v6.1.0 a la 6.1.2, permite a usuarios locales leer ficheros de su elecci\u00f3n a trav\u00e9s de vectores sin especificar, relacionado con el fallo al quitar privilegios de root (administrador)."}], "lastModified": "2017-09-29T01:33:52.230", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8A7DBFF-B11B-47EC-9E52-C12B156739D5"}, {"criteria": "cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6DE57C2-E728-4016-9774-28FB4B0509AB"}, {"criteria": "cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57B11497-5622-4759-906A-A93A3E815584"}, {"criteria": "cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F9CD013-D904-45DF-AD43-493A22D5744B"}, {"criteria": "cpe:2.3:o:ibm:aix:5.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "307B47F5-D903-4763-A353-2538AFD6C9CD"}, {"criteria": "cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF417123-CCB6-48AF-A21B-1974173D516B"}, {"criteria": "cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "362CFB2F-817A-4E55-A315-86B6243E3F74"}, {"criteria": "cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53544921-1C1A-4382-99D7-0F3011BA76DB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}