Vulnerability CVE-2014-3977 - CERT Civis.Net

Vulnerability Name:

CVE-2014-3977 (CCN-93595)

Assigned:

2014-06-05

Published:

2014-06-05

Updated:

2021-08-31

Summary:

libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
Note: this vulnerability exists because of an incomplete fix for CVE-2012-2179.

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: CCN
Type: IBM AIX Security Advisory
Arbitary file overwrite symlink in libodm

Source: CONFIRM
Type: UNKNOWN
http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc

Source: MITRE
Type: CNA
CVE-2014-3977

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html

Source: EXPLOIT-DB
Type: UNKNOWN
33725

Source: AIXAPAR
Type: UNKNOWN
IV60299

Source: AIXAPAR
Type: UNKNOWN
IV60303

Source: AIXAPAR
Type: UNKNOWN
IV60311

Source: AIXAPAR
Type: UNKNOWN
IV60312

Source: AIXAPAR
Type: UNKNOWN
IV60313

Source: AIXAPAR
Type: UNKNOWN
IV60314

Source: SECTRACK
Type: UNKNOWN
1030401

Source: XF
Type: UNKNOWN
ibm-aix-cve20143977-symlink(93595)

Source: XF
Type: UNKNOWN
aix-libodm-symlink(93595)

Source: CCN
Type: Packet Storm Security [06-12-2014]
IBM AIX 6.1.8+ Privilege Escalation

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [06-12-2014]

Source: MISC
Type: UNKNOWN
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977/

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:vios:2.2.1.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.2.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.3.3:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.0.10:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.1.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.1.4:fp-25_sp-02:*:*:*:*:*:*

OR cpe:/o:ibm:aix:6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.0.13:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.2.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.0.11:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.0.12:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.1.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:vios:2.2.2.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:ibm:aix:6.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:aix:7.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:25009	V	Arbitary file overwrite symlink in libodm	2014-08-11