Vulnerabilities > CVE-2006-1246 - Local Privilege Escalation vulnerability in IBM AIX 5.3

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
ibm
nessus
NVD
Published: 2006-03-17
Updated: 2017-07-20

Summary

Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability.

Vulnerable Configurations

Part Description Count
OS
Ibm
1

Nessus

NASL familyAIX Local Security Checks
NASL idAIX_U805031.NASL
descriptionThe remote host is missing AIX PTF U805031, which is related to the security of the package bos.rte.lvm.
last seen2020-06-01
modified2020-06-02
plugin id65289
published2013-03-13
reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/65289
titleAIX 5.3 TL 4 / 5.3 TL 5 : bos.rte.lvm (U805031)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were extracted
# from AIX Security PTF U805031. The text itself is copyright (C)
# International Business Machines Corp.
#

include("compat.inc");

if (description)
{
  script_id(65289);
  script_version("1.2");
  script_cvs_date("Date: 2019/09/16 14:12:47");

  script_cve_id("CVE-2006-1246");

  script_name(english:"AIX 5.3 TL 4 / 5.3 TL 5 : bos.rte.lvm (U805031)");
  script_summary(english:"Check for PTF U805031");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote AIX host is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is missing AIX PTF U805031, which is related to the
security of the package bos.rte.lvm."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IY82739"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Install the appropriate missing security-related fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:5.3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp");

  exit(0);
}



include("audit.inc");
include("global_settings.inc");
include("aix.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if ( aix_check_patch(ml:"530004", patch:"U805031", package:"bos.rte.lvm.5.3.0.42") < 0 ) flag++;
if ( aix_check_patch(ml:"530005", patch:"U805031", package:"bos.rte.lvm.5.3.0.42") < 0 ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

References