| Vulnerability Name: | CVE-2005-3749 (CCN-23108) | ||||||||
| Assigned: | 2005-11-11 | ||||||||
| Published: | 2005-11-11 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||
| Vulnerability Consequences: | Other | ||||||||
| References: | Source: MITRE Type: CNA CVE-2005-3749 Source: CCN Type: SA17474 AIX "diagela" Script Arbitrary Code Execution Vulnerability Source: SECUNIA Type: Patch, Vendor Advisory 17474 Source: CCN Type: SECTRACK ID: 1015212 IBM AIX diagela Absolute Path Vulnerability Lets Local Users Gain Elevated Privileges Source: SECTRACK Type: Patch 1015212 Source: CCN Type: IBM APAR IY78800 IY78800: SECURITY : ABSOLUTE PATH VULNERABILITIES IN DIAGELA COMMAND Source: CCN Type: IBM APAR IY78801 IY78801: SECURITY : ABSOLUTE PATH VULNERABILITIES IN DIAGELA COMMAND Source: CCN Type: IBM APAR IY78926 IY78926: SECURITY : ABSOLUTE PATH VULNERABILITIES IN DIAGELA COMMAND Source: AIXAPAR Type: UNKNOWN IY78800 Source: AIXAPAR Type: UNKNOWN IY78801 Source: AIXAPAR Type: UNKNOWN IY78926 Source: OSVDB Type: UNKNOWN 20768 Source: CCN Type: OSVDB ID: 20768 IBM AIX bos.diag.rte Package diagela.sh Unspecified Issue Source: BID Type: UNKNOWN 15397 Source: CCN Type: BID-15397 IBM AIX Diagela.SH Local Arbitrary Code Execution Vulnerability Source: VUPEN Type: Vendor Advisory ADV-2005-2392 Source: XF Type: UNKNOWN aix-diagela(23108) Source: XF Type: UNKNOWN aix-diagela(23108) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||