
CVE-2014-3977
Date: (C)2014-06-16   (M)2023-12-22


libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1030401
EXPLOIT-DB-33725
IV60299
IV60303
IV60311
IV60312
IV60313
IV60314
aix-libodm-symlink(93595)
http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc
http://packetstormsecurity.com/files/127067/IBM-AIX-6.1.8-Privilege-Escalation.html
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3977/

CPE    2
cpe:/o:ibm:aix:7.1
cpe:/o:ibm:aix:6.1
CWE    1
CWE-59
OVAL    1
oval:org.secpod.oval:def:1100064

© SecPod Technologies