CVE-2014-3074 — IBM Vios vulnerability

CWE-2643 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 76.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM AIX IBM Vios

Timeline

PublishedJul 2

Latest updateMay 13

Description

The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDibm/vios16 versions+15

▶NVDibm/aix6.1, 7.1+1

🔴Vulnerability Details

GHSA

GHSA-rj97-7gg7-c89r: The runtime linker in IBM AIX 6↗2022-05-13

▶

CVEList

CVE-2014-3074: The runtime linker in IBM AIX 6↗2014-07-02

▶