CVE-2014-3074
published 2014-07-02CVE-2014-3074: The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting…
high7.2CVSS 3.1
AVLACLAuNCCICAC
EXPLOIT
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | aix | — | — |
| ibm | aix | — | — |
| ibm | vios | — | — |
| ibm | vios | — | — |
| ibm | vios | — | — |
| ibm | vios | — | — |
| ibm | vios | — | — |
| ibm | vios | — | — |
| ibm | vios | — | — |
| ibm | vios | — | — |
| ibm | vios | — | — |
| ibm | vios | — | — |
| ibm | vios | — | — |
| ibm | vios | — | — |
| ibm | vios | — | — |
| ibm | vios | — | — |
| ibm | vios | — | — |
| ibm | vios | — | — |