CVE-2005-2235

Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/15636	Patch Vendor Advisory
http://securitytracker.com/id?1014132
http://www.caughq.org/advisories/CAU-2005-0004.txt	Vendor Advisory
http://www.security-focus.com/advisories/8819	Patch Vendor Advisory
http://www.securityfocus.com/bid/13912	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ibm:aix:5.1:::::::*
	cpe:2.3:o:ibm:aix:5.1l:::::::*
	cpe:2.3:o:ibm:aix:5.2:::::::*
	cpe:2.3:o:ibm:aix:5.2.2:::::::*
	cpe:2.3:o:ibm:aix:5.2_l:::::::*
	cpe:2.3:o:ibm:aix:5.3:::::::*
	cpe:2.3:o:ibm:aix:5.3_l:::::::*

History

No history.

Information

Published : 2005-07-12 04:00

Updated : 2008-09-05 20:51

NVD link : CVE-2005-2235

Mitre link : CVE-2005-2235

CVE.ORG link : CVE-2005-2235

JSON object : View

Products Affected

ibm

aix

CWE

NVD-CWE-Other

{"id": "CVE-2005-2235", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-07-12T04:00:00.000", "references": [{"url": "http://secunia.com/advisories/15636", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1014132", "source": "cve@mitre.org"}, {"url": "http://www.caughq.org/advisories/CAU-2005-0004.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.security-focus.com/advisories/8819", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/13912", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments."}], "lastModified": "2008-09-05T20:51:14.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCB23261-D5A9-4C49-B08E-97A63ED6F84A"}, {"criteria": "cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43E38D56-80BA-460C-A296-ED7F506E4364"}, {"criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B"}, {"criteria": "cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBD01F19-4B30-4147-AC48-7F5C64EE80CD"}, {"criteria": "cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "104E5C14-6D87-494B-8D60-0443ADDCD31A"}, {"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507"}, {"criteria": "cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "435340B0-AD02-4174-BC7F-6A7C222A7F6D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}