Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-8972 — Corporation AIX vulnerability

CWE-2645 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.6%

top 29.75%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

IBM Corporation AIX IBM AIX IBM Vios

Timeline

PublishedFeb 15

Latest updateMay 13

Description

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDibm/aix6.1, 7.1, 7.2+2

▶NVDibm/vios39 versions+38

▶CVEListV5ibm_corporation/aix6.1, 7.1, 7.2+2

Patches

Patch: aix.software.ibm.com ↗Patch: aix.software.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-q6gc-h25f-hw7c: IBM AIX 6↗2022-05-13

▶

CVEList

CVE-2016-8972: IBM AIX 6↗2017-02-15

▶

💥Exploits & PoCs

Exploit-DB

IBM AIX 6.1/7.1/7.2 - 'Bellmail' Local Privilege Escalation↗2016-12-22

▶

💬Community

Bugzilla

CVE-2015-8972 gnuchess: Stack-based buffer overflow on user move input↗2016-11-15

▶