CVE-2010-3405 - OpenCVE

Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Vios Aix

Configuration 1 [-]

OR	cpe:2.3:o:ibm:aix:5.3:::::::*
	cpe:2.3:o:ibm:aix:6.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:ibm:vios:1.5:::::::*
	cpe:2.3:a:ibm:vios:2.1:::::::*

References

Link	Resource
http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc	Patch Vendor Advisory
http://secunia.com/advisories/41446	Third Party Advisory
http://securitytracker.com/id?1024430	Third Party Advisory VDB Entry
http://www.ibm.com/support/docview.wss?uid=isg1IZ81819	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ82245	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ82630	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ83909	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ83942	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ83975	Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ84167	Vendor Advisory
http://www.securityfocus.com/bid/43207	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2010/2377	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/61774	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12214	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2010-09-16T20:00:00

Updated: 2017-09-18T12:57:01

Reserved: 2010-09-16T00:00:00

Link: CVE-2010-3405

JSON object: View

NVD Information

Status : Analyzed

Published: 2010-09-16T21:00:01.607

Modified: 2018-11-28T17:13:09.993

Link: CVE-2010-3405

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-09-13T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "IZ82245", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82245"}, {"name": "IZ83942", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83942"}, {"name": "ADV-2010-2377", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2377"}, {"name": "oval:org.mitre.oval:def:12214", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12214"}, {"name": "43207", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/43207"}, {"name": "IZ84167", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ84167"}, {"name": "IZ81819", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ81819"}, {"name": "ibm-aix-sasnap-bo(61774)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61774"}, {"name": "IZ82630", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82630"}, {"name": "41446", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41446"}, {"name": "IZ83909", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83909"}, {"name": "IZ83975", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83975"}, {"name": "1024430", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1024430"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3405", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IZ82245", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82245"}, {"name": "IZ83942", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83942"}, {"name": "ADV-2010-2377", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2377"}, {"name": "oval:org.mitre.oval:def:12214", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12214"}, {"name": "43207", "refsource": "BID", "url": "http://www.securityfocus.com/bid/43207"}, {"name": "IZ84167", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ84167"}, {"name": "IZ81819", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ81819"}, {"name": "ibm-aix-sasnap-bo(61774)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61774"}, {"name": "IZ82630", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82630"}, {"name": "41446", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41446"}, {"name": "IZ83909", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83909"}, {"name": "IZ83975", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83975"}, {"name": "1024430", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024430"}, {"name": "http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3405", "datePublished": "2010-09-16T20:00:00", "dateReserved": "2010-09-16T00:00:00", "dateUpdated": "2017-09-18T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:vios:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "DFF79665-519F-46FE-A3AB-41FFAB5429EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:vios:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A37C3C90-ED84-437F-AE68-57D09BF6999A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en sa_snap en el conjunto de archivos bos.esagent en IBM AIX v6.1, v5.3, y anteriores y VIOS v2.1, v1.5 y anteriores permite a usuarios locales aprovecharse de la pertenencia al grupo sistema y obtener privilegios a trav\u00e9s de vectores no especificados."}], "id": "CVE-2010-3405", "lastModified": "2018-11-28T17:13:09.993", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-09-16T21:00:01.607", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/41446"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1024430"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ81819"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82245"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82630"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83909"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83942"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83975"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ84167"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/43207"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2377"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61774"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12214"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}