National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:ibm:aix:5.3.0
There are 23 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2011-1384

The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.

Published: January 03, 2012; 10:55:04 PM -05:00
V2: 4.0 MEDIUM
CVE-2010-1124

bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading a certain address field after a successful getaddrinfo function call, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors, as demonstrated by IBM DB2 crashes on "systems with databases cataloged with alternate servers using IP addresses."

Published: March 26, 2010; 02:30:00 PM -04:00
V2: 7.8 HIGH
CVE-2009-3699

Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.

Published: October 15, 2009; 06:30:01 AM -04:00
V2: 10.0 HIGH
CVE-2009-3517

nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.

Published: October 01, 2009; 11:30:00 AM -04:00
V2: 10.0 HIGH
CVE-2009-3516

gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.

Published: October 01, 2009; 11:30:00 AM -04:00
V2: 7.2 HIGH
CVE-2009-2727

Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.

Published: August 10, 2009; 07:30:00 PM -04:00
V2: 9.3 HIGH
CVE-2009-0536

at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.

Published: February 11, 2009; 03:30:00 PM -05:00
V2: 4.9 MEDIUM
CVE-2007-6717

Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors.

Published: September 10, 2008; 09:04:27 PM -04:00
V2: 7.2 HIGH
CVE-2007-3680

Stack-based buffer overflow in the odm_searchpath function in libodm in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long ODMPATH environment variable.

Published: July 11, 2007; 01:30:00 PM -04:00
V2: 7.2 HIGH
CVE-2007-0618

Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."

Published: January 31, 2007; 06:28:00 AM -05:00
V2: 7.5 HIGH
CVE-2006-6914

Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors.

Published: December 31, 2006; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2006-6915

ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources.

Published: December 31, 2006; 12:00:00 AM -05:00
V2: 4.0 MEDIUM
CVE-2006-5003

Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors.

Published: September 26, 2006; 09:07:00 PM -04:00
V2: 7.2 HIGH
CVE-2006-5004

Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors.

Published: September 26, 2006; 09:07:00 PM -04:00
V2: 2.1 LOW
CVE-2006-5005

Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors involving /etc/slip.login.

Published: September 26, 2006; 09:07:00 PM -04:00
V2: 7.2 HIGH
CVE-2006-5006

Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long directory path argument.

Published: September 26, 2006; 09:07:00 PM -04:00
V2: 7.2 HIGH
CVE-2006-5007

Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via a Trojan horse program involving uux.

Published: September 26, 2006; 09:07:00 PM -04:00
V2: 4.6 MEDIUM
CVE-2006-5008

Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors.

Published: September 26, 2006; 09:07:00 PM -04:00
V2: 10.0 HIGH
CVE-2006-5009

Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands and overwrite arbitrary files via unspecified vectors, possibly involving a buffer overflow.

Published: September 26, 2006; 09:07:00 PM -04:00
V2: 7.2 HIGH
CVE-2006-5010

Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program.

Published: September 26, 2006; 09:07:00 PM -04:00
V2: 7.2 HIGH