CVE-2005-3396 - Local Buffer Overflow vulnerability in IBM AIX CHCONS

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.

Vulnerable Configurations

Part  Description  Count
OS    Ibm          7

Nessus

  • NASL family: AIX Local Security Checks
    NASL id: AIX_U477978.NASL
    description: The remote host is missing AIX PTF U477978, which is related to the security of the package bos.rte.console.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 65262
    published: 2013-03-13
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/65262
    title: AIX 5.2 TL 9 : bos.rte.console (U477978)
  • NASL family: AIX Local Security Checks
    NASL id: AIX_U804752.NASL
    description: The remote host is missing AIX PTF U804752, which is related to the security of the package bos.rte.console.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 65288
    published: 2013-03-13
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/65288
    title: AIX 5.3 TL 5 : bos.rte.console (U804752)

Oval

accepted: 2008-05-19T04:00:19.857-04:00
class: vulnerability
contributors:
  name: Yuzheng Zhou
  organization: Hewlett-Packard
definition_extensions:
  • comment: IBM AIX 5.2 is installed
    oval: oval:org.mitre.oval:def:5189
  • comment: IBM AIX 5.3 is installed
    oval: oval:org.mitre.oval:def:5325
description: Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.
family: unix
id: oval:org.mitre.oval:def:5470
status: accepted
submitted: 2008-04-11T15:10:44.000-05:00
title: IBM AIX buffer overflow in chcon command has unspecified impact
version: 42