CVE-2005-3396 - Local Buffer Overflow vulnerability in IBM AIX CHCONS
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary
Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 7 |
Nessus
- NASL family: AIX Local Security Checks
  - NASL id: AIX_U477978.NASL
  - description: The remote host is missing AIX PTF U477978, which is related to the security of the package bos.rte.console.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 65262
  - published: 2013-03-13
  - reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/65262
  - title: AIX 5.2 TL 9 : bos.rte.console (U477978)
- NASL family: AIX Local Security Checks
  - NASL id: AIX_U804752.NASL
  - description: The remote host is missing AIX PTF U804752, which is related to the security of the package bos.rte.console.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 65288
  - published: 2013-03-13
  - reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/65288
  - title: AIX 5.3 TL 5 : bos.rte.console (U804752)
Oval
accepted | 2008-05-19T04:00:19.857-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument. |
family | unix |
id | oval:org.mitre.oval:def:5470 |
status | accepted |
submitted | 2008-04-11T15:10:44.000-05:00 |
title | IBM AIX buffer overflow in chcon command has unspecified impact |
version | 42 |
References
- http://secunia.com/advisories/17380
- http://securityreason.com/securityalert/261
- http://securitytracker.com/id?1015122
- http://www.securityfocus.com/bid/15247
- http://www.vupen.com/english/advisories/2005/2253
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY78241
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY78253
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5470