Cluster 02: VEN-AIX

To: cve-review@linus.mitre.org
Subject: Cluster 02: VEN-AIX
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Thu, 17 Jun 1999 15:06:11 -0400 (EDT)


This cluster has 10 vulnerabilities.


------------------------------------------
Candidate: CAN-1999-0072
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:004.1

Buffer overflow in AIX xdat gives root access to local users.

------------------------------------------
Candidate: CAN-1999-0086
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1998:001.1

AIX routed allows remote users to modify sensitive files.

------------------------------------------
Candidate: CAN-1999-0088
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1998:004.1

IRIX and AIX automountd services (autofsd) allow remote users to
execute root commands.

------------------------------------------
Candidate: CAN-1999-0089
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:005.1

Buffer overflow in AIX libDtSvc library can allow local users
to gain root access.

------------------------------------------
Candidate: CAN-1999-0090
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:005.1

Buffer overflow in AIX rcp command allows local users to obtain
root access.

------------------------------------------
Candidate: CAN-1999-0091
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:005.1

Buffer overflow in AIX writesrv command allows local users to obtain
root access.

------------------------------------------
Candidate: CAN-1999-0093
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:008.1

AIX nslookup command allows local users to obtain root access by not
dropping privileges correctly.

------------------------------------------
Candidate: CAN-1999-0094
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:007.1

AIX piodmgrsu command allows local users to gain additional
group privileges.

------------------------------------------
Candidate: CAN-1999-0097
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:009.1

The AIX FTP client can be forced to execute commands from a malicious
server through shell metacharacters, i.e. in files whose name begins with a
pipe character.

------------------------------------------
Candidate: CAN-1999-0100
Proposer: 001
Assigned: 19990617
Announced: 19990617
Category: SF
Reference: ERS:ERS-SVA-E01-1997:002.1

Remote access in AIX innd 1.5.1, using control messages.

Follow-Ups:
- Re: Cluster 02: VEN-AIX
  - From: Adam Shostack <adam@netect.com>

Prev by Date: Sub-clusters of the VEN Candidate Cluster
Next by Date: Cluster 03: VEN-SUN
Prev by thread: Sub-clusters of the VEN Candidate Cluster
Next by thread: Re: Cluster 02: VEN-AIX
Index(es):
- Date
- Thread

Page Last Updated: May 22, 2007

Common Vulnerabilities and Exposures

Cluster 02: VEN-AIX