CVE-2009-2669 - OpenCVE

A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Aix

Configuration 1 [-]

OR	cpe:2.3:o:ibm:aix:5.3:::::::*
	cpe:2.3:o:ibm:aix:6.1:::::::*

References

Link	Resource
http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc	Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815
http://secunia.com/advisories/36156
http://www.ibm.com/support/docview.wss?uid=isg1IZ54090
http://www.ibm.com/support/docview.wss?uid=isg1IZ54091
http://www.ibm.com/support/docview.wss?uid=isg1IZ54593
http://www.ibm.com/support/docview.wss?uid=isg1IZ56203	Patch Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ56204	Patch Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ56205	Patch Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ56206	Patch Vendor Advisory
http://www.securityfocus.com/bid/35934	Patch
http://www.vupen.com/english/advisories/2009/2151

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-05T19:00:00

Updated: 2009-08-12T09:00:00

Reserved: 2009-08-05T00:00:00

Link: CVE-2009-2669

JSON object: View

NVD Information

Status : Modified

Published: 2009-08-05T19:30:01.127

Modified: 2009-08-12T05:30:39.717

Link: CVE-2009-2669

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-08-04T00:00:00", "descriptions": [{"lang": "en", "value": "A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-08-12T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "IZ54593", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54593"}, {"name": "IZ56204", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56204"}, {"name": "36156", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36156"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc"}, {"name": "IZ56203", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56203"}, {"name": "IZ54090", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54090"}, {"name": "IZ54091", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54091"}, {"name": "35934", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35934"}, {"name": "IZ56205", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56205"}, {"name": "ADV-2009-2151", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2151"}, {"name": "20090804 IBM AIX libC _LIB_INIT_DBG Arbitrary File Creation Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815"}, {"name": "IZ56206", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56206"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2669", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IZ54593", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54593"}, {"name": "IZ56204", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56204"}, {"name": "36156", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36156"}, {"name": "http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc"}, {"name": "IZ56203", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56203"}, {"name": "IZ54090", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54090"}, {"name": "IZ54091", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54091"}, {"name": "35934", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35934"}, {"name": "IZ56205", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56205"}, {"name": "ADV-2009-2151", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2151"}, {"name": "20090804 IBM AIX libC _LIB_INIT_DBG Arbitrary File Creation Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815"}, {"name": "IZ56206", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56206"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2669", "datePublished": "2009-08-05T19:00:00", "dateReserved": "2009-08-05T00:00:00", "dateUpdated": "2009-08-12T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1."}, {"lang": "es", "value": "Cierto componente de depuraci\u00f3n en IBM AIX v5.3 y v6.1 no proporciona la gesti\u00f3n de los entornos (1) _LIB_INIT_DBG y (2) _LIB_INIT_DBG_FILE, que permite a usuarios locales obtener privilegios utilizando para ello un programa setuid-root para crear un archivo root-owned a su elecci\u00f3n con permisos world-writable, relacionados con ibC.a (como la librer\u00eda XL C++ runtime) en AIX v5.3 y libc.a en AIX v6.1."}], "id": "CVE-2009-2669", "lastModified": "2009-08-12T05:30:39.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-05T19:30:01.127", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc"}, {"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/36156"}, {"source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54090"}, {"source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54091"}, {"source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54593"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56203"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56204"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56205"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56206"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/35934"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/2151"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}