Vulnerability Name:

CVE-2009-1786 (CCN-50636)

Assigned:2009-05-19
Published:2009-05-19
Updated:2017-09-29
Summary:The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
CVSS v3 Severity:5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
6.0 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-362
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: IBM SECURITY ADVISORY
AIX libc MALLOCDEBUG file overwrite vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://aix.software.ibm.com/aix/efixes/security/libc_advisory.asc

Source: MITRE
Type: CNA
CVE-2009-1786

Source: IDEFENSE
Type: UNKNOWN
20090520 IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability

Source: CCN
Type: SA35146
IBM AIX libc MALLOCDEBUG Privilege Escalation Vulnerability

Source: SECUNIA
Type: Vendor Advisory
35146

Source: CCN
Type: SECTRACK ID: 1022261
IBM AIX libc MALLOCDEBUG File Overwrite Bug Lets Local Users Gain Root Privileges

Source: SECTRACK
Type: Patch
1022261

Source: AIXAPAR
Type: UNKNOWN
IZ50121

Source: AIXAPAR
Type: UNKNOWN
IZ50129

Source: AIXAPAR
Type: UNKNOWN
IZ50139

Source: AIXAPAR
Type: UNKNOWN
IZ50445

Source: AIXAPAR
Type: UNKNOWN
IZ50447

Source: AIXAPAR
Type: UNKNOWN
IZ50500

Source: AIXAPAR
Type: UNKNOWN
IZ50517

Source: OSVDB
Type: UNKNOWN
54617

Source: CCN
Type: OSVDB ID: 54617
IBM AIX libc MALLOCDEBUG Environment Variable Local Privilege Escalation

Source: BID
Type: UNKNOWN
35034

Source: CCN
Type: BID-35034
IBM AIX 'MALLOCDEBUG' File Overwrite Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2009-1380

Source: XF
Type: UNKNOWN
aix-mallocdebug-symlink(50636)

Source: XF
Type: UNKNOWN
aix-mallocdebug-privilege-escalation(50636)

Source: CCN
Type: iDefense PUBLIC ADVISORY: 05.20.09
IBM AIX libc MALLOCDEBUG File Overwrite Vulnerability

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6276

Source: EXPLOIT-DB
Type: UNKNOWN
9306

Vulnerable Configuration:Configuration 1:
  • cpe:/o:ibm:aix:5.3:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:6.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:ibm:aix:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:5.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:6276
    V
    		Malloc subsystem in libc in IBM AIX 5.3 and 6.1 vulnerability.
    2009-08-31
    BACK
    ibm aix 5.3
    ibm aix 6.1
    ibm aix 6.1
    ibm aix 5.3