Ibm Aix vulnerabilities

CVE-2006-1246 [HIGH] CVE-2006-1246: Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute ar Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability.

CVE-2006-0667 [MEDIUM] CVE-2006-0667: lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack. lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack.

CVE-2006-0666 [MEDIUM] CVE-2006-0666: Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 th Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX.

CVE-2006-0674 [MEDIUM] CVE-2006-0674: Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users t Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument.

CVE-2006-0133 [LOW] CVE-2006-0133: Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the exis Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a different vulnerability than CVE-2005-4273.

CVE-2005-4272 [CRITICAL] CVE-2005-4272: Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary c Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary code via (1) muxatmd and (2) slocal.

CVE-2005-4271 [HIGH] CVE-2005-4271: Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary co Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary code.

CVE-2005-4273 [LOW] CVE-2005-4273: Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local u Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files.

CVE-2005-4068 [HIGH] CVE-2005-4068: Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors.

CVE-2005-3749 [HIGH] CVE-2005-3749: Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5 Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors.

CVE-2005-3504 [HIGH] CVE-2005-3504: Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled, allows remote attackers to c Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled, allows remote attackers to cause a core dump and possibly execute arbitrary code.

CVE-2005-3396 [HIGH] CVE-2005-3396: Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.

CVE-2005-3289 [LOW] CVE-2005-3289: LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to c LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file.

CVE-2005-3060 [HIGH] CVE-2005-3060: Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via un Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors.

CVE-2005-2235 [HIGH] CVE-2005-2235: Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users t Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.

CVE-2005-2236 [HIGH] CVE-2005-2236: Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, migh Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments.

CVE-2005-2233 [HIGH] CVE-2005-2233: Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to exec Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare.

CVE-2005-2232 [MEDIUM] CVE-2005-2232: Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitr Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument.

CVE-2005-2238 [LOW] CVE-2005-2238: ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (por ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports.

CVE-2005-1037 [CRITICAL] CVE-2005-1037: Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gai Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.