CVE-2007-4238Incorrect Ownership Assignment in IBM AIX

CWE-708Incorrect Ownership AssignmentCWE-653Improper Isolation or Compartmentalization5 documents4 sources
Severity
6.9MEDIUMNVD
EPSS
0.1%
top 81.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM AIX
Timeline
PublishedAug 8
Latest updateMay 1

Description

AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

NVDibm/aix5.2, 5.3+1

🔴Vulnerability Details

2
GHSA
GHSA-rjgh-f2m3-ggcc: AIX 52022-05-01
CVEList
CVE-2007-4238: AIX 52007-08-08

📐Framework References

2
CWE
Incorrect Ownership Assignment
CWE
Improper Isolation or Compartmentalization
CVE-2007-4238 — Incorrect Ownership Assignment in IBM | cvebase