CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM » AIX » 5.3.0 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-1124 DoS 2010-03-26 2010-03-29
7.8
None Remote Low Not required None None Complete
bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading a certain address field after a successful getaddrinfo function call, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors, as demonstrated by IBM DB2 crashes on "systems with databases cataloged with alternate servers using IP addresses."
2 CVE-2009-3699 119 Exec Code Overflow 2009-10-15 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
3 CVE-2009-3517 Bypass 2009-10-01 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.
4 CVE-2009-3516 255 Bypass 2009-10-01 2017-09-19
7.2
None Local Low Not required Complete Complete Complete
gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.
5 CVE-2009-2727 119 Exec Code Overflow 2009-08-10 2009-08-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.
6 CVE-2009-0536 264 2009-02-11 2017-09-29
4.9
None Local Low Not required Complete None None
at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.
7 CVE-2007-6717 119 Overflow +Priv 2008-09-11 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors.
8 CVE-2007-3680 119 Exec Code Overflow 2007-07-11 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the odm_searchpath function in libodm in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long ODMPATH environment variable.
9 CVE-2007-0618 2007-01-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
10 CVE-2006-6915 DoS 2006-12-31 2011-03-08
4.0
None Remote Low ??? None None Partial
ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources.
11 CVE-2006-6914 +Info 2006-12-31 2011-03-08
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors.
12 CVE-2006-5011 Exec Code 2006-09-27 2017-07-20
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine".
13 CVE-2006-5010 Exec Code 2006-09-27 2017-07-20
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program.
14 CVE-2006-5009 Exec Code Overflow 2006-09-27 2017-07-20
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands and overwrite arbitrary files via unspecified vectors, possibly involving a buffer overflow.
15 CVE-2006-5008 Exec Code 2006-09-27 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors.
16 CVE-2006-5007 +Priv 2006-09-27 2017-07-20
4.6
None Local Low Not required Partial Partial Partial
Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to local users to gain privileges via a Trojan horse program involving uux.
17 CVE-2006-5006 Exec Code Overflow 2006-09-27 2017-07-20
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long directory path argument.
18 CVE-2006-5005 Exec Code 2006-09-27 2017-07-20
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors involving /etc/slip.login.
19 CVE-2006-5004 2006-09-27 2017-07-20
2.1
None Local Low Not required None Partial None
Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors.
20 CVE-2006-5003 Exec Code 2006-09-27 2017-07-20
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors.
21 CVE-2006-1247 59 2006-04-19 2018-10-18
3.3
None Local Medium Not required None Partial Partial
rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
22 CVE-2005-1037 +Priv 2005-05-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.
Total number of vulnerabilities : 22   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.