Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1786Race Condition in IBM AIX

CWE-362Race Condition5 documents4 sources
Severity
6.9MEDIUMNVD
EPSS
0.2%
top 63.24%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM AIX
Timeline
PublishedMay 26
Latest updateMay 2

Description

The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

NVDibm/aix5.3, 6.1+1

Patches

Patch: aix.software.ibm.comPatch: securitytracker.comPatch: aix.software.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-qx62-xcvw-248x: The malloc subsystem in libc in IBM AIX 52022-05-02
CVEList
CVE-2009-1786: The malloc subsystem in libc in IBM AIX 52009-05-26

💥Exploits & PoCs

2
Exploit-DB
IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Local Privilege Escalation2016-11-04
Exploit-DB
Kingsoft Webshield 1.1.0.62 - Cross-Site Scripting / Remote Command Execution2009-05-20
CVE-2009-1786 — Race Condition in IBM AIX | cvebase