CVE-2006-1246

Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://attrition.org/pipermail/vim/2006-March/000641.html
http://secunia.com/advisories/19235	Patch Vendor Advisory
http://securitytracker.com/id?1015786
http://www-1.ibm.com/support/docview.wss?uid=isg1IY82739
http://www.nsfocus.com/english/homepage/research/0602.htm	Patch Vendor Advisory
http://www.osvdb.org/23921
http://www.securityfocus.com/bid/17115
http://www.vupen.com/english/advisories/2006/0957	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25299
https://exchange.xforce.ibmcloud.com/vulnerabilities/25849

Configurations

Configuration 1 (hide)

cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-03-17 11:02

Updated : 2017-07-20 01:30

NVD link : CVE-2006-1246

Mitre link : CVE-2006-1246

CVE.ORG link : CVE-2006-1246

JSON object : View

Products Affected

ibm

aix

CWE

NVD-CWE-noinfo

{"id": "CVE-2006-1246", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-03-17T11:02:00.000", "references": [{"url": "http://attrition.org/pipermail/vim/2006-March/000641.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19235", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015786", "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY82739", "source": "cve@mitre.org"}, {"url": "http://www.nsfocus.com/english/homepage/research/0602.htm", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/23921", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17115", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0957", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25299", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25849", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability."}], "lastModified": "2017-07-20T01:30:26.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}