CVE-2008-1599 — IBM AIX vulnerability

CWE-2643 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 79.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM AIX

Timeline

PublishedMar 31

Latest updateMay 1

Description

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/aix5.2, 5.3, 6.1+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-vgvw-x2pw-8x6h: The nddstat programs on IBM AIX 5↗2022-05-01

▶

CVEList

CVE-2008-1599: The nddstat programs on IBM AIX 5↗2008-03-31

▶