Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2008-0586 | First vendor Publication | 2008-02-04 |
Vendor | Cve | Last vendor Modification | 2017-09-29 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0586 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5704 | |||
Oval ID: | oval:org.mitre.oval:def:5704 | ||
Title: | AIX Logical Volume Manager buffer overflow | ||
Description: | Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-0586 | Version: | 1 |
Platform(s): | IBM AIX 5.2 IBM AIX 5.3 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
41160 | IBM AIX bos.rte.lvm lvgenminor Unspecified Local Overflow IBM AIX is prone to an overflow condition. The bos.rte.lvm command, /usr/sbin/lvgenminor, fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted command, a local attacker can potentially execute arbitrary code with root privileges. |
41159 | IBM AIX bos.rte.lvm lvaryoffvg Unspecified Local Overflow IBM AIX is prone to an overflow condition. The bos.rte.lvm command, /usr/sbin/lvaryoffvg, fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted command, a local attacker can potentially execute arbitrary code with root privileges. |
40429 | IBM AIX bos.clvm.lvm ldeletepv Unspecified Local Overflow IBM AIX is prone to an overflow condition. The bos.rte.lvm command, /usr/sbin/ldeletepv, fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted command, a local attacker can potentially execute arbitrary code with root privileges. |
40428 | IBM AIX bos.rte.enh tellclvmd Unspecified Local Overflow IBM AIX is prone to an overflow condition. The bos.rte.enh command, /usr/sbin/tellclvmd, fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted command, a local attacker can potentially execute arbitrary code with root privileges. |
40427 | IBM AIX bos.rte.lvm putlvodm Unspecified Local Overflow IBM AIX is prone to an overflow condition. The bos.rte.lvm command, /usr/sbin/putlvodm, fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted command, a local attacker can potentially execute arbitrary code with root privileges. |
40426 | IBM AIX bos.rte.lvm lchangevg Unspecified Local Overflow IBM AIX is prone to an overflow condition. The bos.rte.lvm command, /usr/sbin/lchangevg, fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted command, a local attacker can potentially execute arbitrary code with root privileges. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-03-13 | Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U804573.nasl - Type : ACT_GATHER_INFO |
2013-03-13 | Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U810245.nasl - Type : ACT_GATHER_INFO |
2013-03-13 | Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U815028.nasl - Type : ACT_GATHER_INFO |
2008-02-12 | Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U811870.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:07:04 |
|
2021-04-22 01:07:30 |
|
2020-05-23 00:21:12 |
|
2017-09-29 09:23:23 |
|
2017-08-08 09:23:51 |
|
2016-06-28 17:11:09 |
|
2016-04-26 17:05:21 |
|
2014-02-17 10:43:38 |
|
2013-05-11 00:08:32 |
|
2012-11-07 00:16:27 |
|