| Vulnerability Name: | CVE-2009-0370 (CCN-48377) | ||||||||
| Assigned: | 2009-01-29 | ||||||||
| Published: | 2009-01-29 | ||||||||
| Updated: | 2017-09-29 | ||||||||
| Summary: | Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files." | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: IBM SECURITY ADVISORY, Thu Jan 29 11:04:38 CST 2009 AIX rmsock log append file vulnerability Source: CONFIRM Type: UNKNOWN http://aix.software.ibm.com/aix/efixes/security/rmsock_advisory.asc Source: MITRE Type: CNA CVE-2009-0370 Source: CCN Type: SA33773 IBM AIX "rmsock" and "rmsock64" Log File Privilege Escalation Source: AIXAPAR Type: Patch IZ40386 Source: AIXAPAR Type: Patch IZ41510 Source: AIXAPAR Type: UNKNOWN IZ41593 Source: AIXAPAR Type: Patch IZ41599 Source: AIXAPAR Type: Patch IZ42785 Source: AIXAPAR Type: Patch IZ42786 Source: AIXAPAR Type: Patch IZ42787 Source: AIXAPAR Type: Patch IZ42788 Source: CCN Type: OSVDB ID: 52606 IBM AIX rmsock / rmsock64 Function Log File Creation Arbitrary File Append Source: BID Type: Patch 33522 Source: CCN Type: BID-33522 IBM AIX 'rmsock' Insecure Log File Handling Vulnerability Source: XF Type: UNKNOWN ibm-aix-rmsock-privilege-escalation(48377) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:6028 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||