Vulnerability Name:

CVE-2007-4513 (CCN-38163)

Assigned:2007-10-30
Published:2007-10-30
Updated:2017-09-29
Summary:Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: IBM AIX FTP site
IBM AIX

Source: CONFIRM
Type: Patch
ftp://aix.software.ibm.com/aix/efixes/security/lquerypv_ifix.tar

Source: CONFIRM
Type: UNKNOWN
ftp://aix.software.ibm.com/aix/efixes/security/lqueryvg_ifix.tar

Source: MITRE
Type: CNA
CVE-2007-4513

Source: IDEFENSE
Type: UNKNOWN
20071030 IBM AIX lqueryvg Stack Buffer Overflow Vulnerability

Source: IDEFENSE
Type: UNKNOWN
20071030 IBM AIX lquerypv Stack Buffer Overflow Vulnerability

Source: CCN
Type: SA27437
IBM AIX Multiple Privilege Escalation Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
27437

Source: CCN
Type: SECTRACK ID: 1018871
IBM AIX Various Application Buffer Overflows Let Local Users Gain Root Privileges

Source: SECTRACK
Type: UNKNOWN
1018871

Source: AIXAPAR
Type: UNKNOWN
IZ05129

Source: AIXAPAR
Type: UNKNOWN
IZ05349

Source: AIXAPAR
Type: UNKNOWN
IZ05877

Source: CCN
Type: IBM APAR IZ05877
POTENTIAL SECURITY ISSUE

Source: AIXAPAR
Type: UNKNOWN
IZ05971

Source: CCN
Type: IBM APAR IZ05971
POTENTIAL SECURITY ISSUE

Source: BID
Type: Patch
26256

Source: CCN
Type: BID-26256
IBM AIX lqueryvg Local Privilege Escalation Vulnerability

Source: BID
Type: Patch
26259

Source: CCN
Type: BID-26259
IBM AIX lquerypv Local Privilege Escalation Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-3669

Source: CCN
Type: IBM SECURITY ADVISORY
AIX lquerypv buffer overflow vulnerability

Source: XF
Type: UNKNOWN
aix-lquerypv-sprintf-bo(38163)

Source: XF
Type: UNKNOWN
aix-lqueryvg-sprintf-bo(38165)

Source: CCN
Type: iDefense PUBLIC ADVISORY: 10.30.07
IBM AIX lquerypv Stack Buffer Overflow Vulnerability

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5650

Vulnerable Configuration:Configuration 1:
  • cpe:/o:ibm:aix:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:5.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-4513 (CCN-38165)

    Assigned:2007-10-30
    Published:2007-10-30
    Updated:2007-10-30
    Summary:The IBM AIX lqueryvg utility is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the sprintf function. By sending an overly long parameter using the -p command line option, a local attacker could overflow a buffer and execute arbitrary code on the system with root privileges.
    CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
    Exploitability Metrics:Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Changed
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availibility (A): High
    CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
    5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
    5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Gain Privileges
    References:Source: CCN
    Type: IBM AIX FTP site
    IBM AIX

    Source: MITRE
    Type: CNA
    CVE-2007-4513

    Source: CCN
    Type: SA27437
    IBM AIX Multiple Privilege Escalation Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1018871
    IBM AIX Various Application Buffer Overflows Let Local Users Gain Root Privileges

    Source: CCN
    Type: IBM APAR IZ05129
    POTENTIAL SECURITY ISSUE

    Source: CCN
    Type: IBM APAR IZ05349
    POTENTIAL SECURITY ISSUE

    Source: CCN
    Type: BID-26256
    IBM AIX lqueryvg Local Privilege Escalation Vulnerability

    Source: CCN
    Type: BID-26259
    IBM AIX lquerypv Local Privilege Escalation Vulnerability

    Source: CCN
    Type: IBM SECURITY ADVISORY
    AIX lqueryvg buffer overflow vulnerability

    Source: XF
    Type: UNKNOWN
    aix-lqueryvg-sprintf-bo(38165)

    Source: CCN
    Type: iDefense PUBLIC ADVISORY: 10.30.07
    IBM AIX lqueryvg Stack Buffer Overflow Vulnerability

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:ibm:aix:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:5.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5650
    V
    		IBM AIX lquerypv Local Privilege Escalation Vulnerability
    2008-08-18
    BACK
    ibm aix 5.2
    ibm aix 5.3
    ibm aix 5.2
    ibm aix 5.3