CVE-2008-1599 Information

Feb 14, 2021 cve

Description

The nddstat programs on IBM AIX 5.2 5.3 and 6.1 do not properly handle environment variables which allows local users to gain privileges by invoking (1) atmstat (2) entstat (3) fddistat (4) hdlcstat or (5) tokstat.

Reference

http://securitytracker.com/id?1019604 http://www.ibm.com/support/docview.wss?uid=isg1IZ16975 http://www.ibm.com/support/docview.wss?uid=isg1IZ16991 http://www.ibm.com/support/docview.wss?uid=isg1IZ17058 http://www.ibm.com/support/docview.wss?uid=isg1IZ17059 http://www.vupen.com/english/advisories/2008/0865 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4156 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4157 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4158 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A5468

Share on: