CVE-2008-1599

EPSS 0.4%

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://securitytracker.com/id?1019604 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5468 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4156 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4157 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4158 http://www.ibm.com/support/docview.wss?uid=isg1IZ16975 http://www.ibm.com/support/docview.wss?uid=isg1IZ16991 http://www.ibm.com/support/docview.wss?uid=isg1IZ17058 http://www.ibm.com/support/docview.wss?uid=isg1IZ17059 http://www.vupen.com/english/advisories/2008/0865