Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2008-4018 | First vendor Publication | 2008-09-10 |
Vendor | Cve | Last vendor Modification | 2017-09-29 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4018 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5932 | |||
Oval ID: | oval:org.mitre.oval:def:5932 | ||
Title: | IBM AIX 'swcons' Insecure File Creation Vulnerability | ||
Description: | swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4018 | Version: | 1 |
Platform(s): | IBM AIX 5.2 IBM AIX 5.3 IBM AIX 6.1 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 3 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
47911 | IBM AIX swcons Command Local Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ18334.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ18335.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ18338.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ18339.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ18341.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote AIX host is missing a security patch. File : aix_IZ28943.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:08:01 |
|
2021-04-22 01:08:22 |
|
2020-05-23 00:22:14 |
|
2017-09-29 09:23:42 |
|
2017-08-08 09:24:22 |
|
2016-04-26 17:48:49 |
|
2014-02-17 10:46:30 |
|
2013-05-11 00:25:34 |
|