cvelistv5 - CVE-2007-4238

CVE-2007-4238

Vulnerability from cvelistv5

Published

2007-08-08 22:00

Modified

2024-08-07 14:46

Severity ?

Summary

AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit.

References

▼	URL	Tags
	cve@mitre.org	http://osvdb.org/36782
	cve@mitre.org	http://secunia.com/advisories/26219
	cve@mitre.org	http://securitytracker.com/id?1018468
	cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=isg1IY79785
	cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=isg1IY79786
	cve@mitre.org	http://www.vupen.com/english/advisories/2007/2678
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/36782
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26219
	af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018468
	af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=isg1IY79785
	af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=isg1IY79786
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2678

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:46:39.428Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26219"
          },
          {
            "name": "IY79785",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY79785"
          },
          {
            "name": "1018468",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018468"
          },
          {
            "name": "36782",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/36782"
          },
          {
            "name": "IY79786",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY79786"
          },
          {
            "name": "ADV-2007-2678",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2678"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-07-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-08-15T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26219"
        },
        {
          "name": "IY79785",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY79785"
        },
        {
          "name": "1018468",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018468"
        },
        {
          "name": "36782",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/36782"
        },
        {
          "name": "IY79786",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY79786"
        },
        {
          "name": "ADV-2007-2678",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2678"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4238",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26219",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26219"
            },
            {
              "name": "IY79785",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY79785"
            },
            {
              "name": "1018468",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018468"
            },
            {
              "name": "36782",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/36782"
            },
            {
              "name": "IY79786",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY79786"
            },
            {
              "name": "ADV-2007-2678",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2678"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4238",
    "datePublished": "2007-08-08T22:00:00",
    "dateReserved": "2007-08-08T00:00:00",
    "dateUpdated": "2024-08-07T14:46:39.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-4238\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-08-08T22:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit.\"},{\"lang\":\"es\",\"value\":\"AIX 5.2 y 5.3 instala pioinit como usuario y grupo bin, lo cual permite a usuario locales con privilegios de bin o posiblemente de printq  obtener las credenciales de root modificando el pioinit.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17EECCCB-D7D1-439A-9985-8FAE8B44487B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/36782\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26219\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1018468\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=isg1IY79785\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=isg1IY79786\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2678\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/36782\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1018468\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=isg1IY79785\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=isg1IY79786\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2678\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

Action not permitted

CVE-2007-4238

Vulnerability from cvelistv5

gsd-2007-4238

Vulnerability from gsd

ghsa-rjgh-f2m3-ggcc

Vulnerability from github

Tags