CVE

Id
58088  
CVE No.
CVE-2012-4845  
Status
Candidate  
Description
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.  
Phase
Assigned (20120906)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
597081 58088 CVE-2012-4845 CONFIRM:http://aix.software.ibm.com/aix/efixes/security/ftp_advisory1.asc  View
597082 58088 CVE-2012-4845 AIXAPAR:IV23331  View
597083 58088 CVE-2012-4845 URL:http://www.ibm.com/support/docview.wss?uid=isg1IV23331  View
597084 58088 CVE-2012-4845 AIXAPAR:IV28715  View
597085 58088 CVE-2012-4845 URL:http://www.ibm.com/support/docview.wss?uid=isg1IV28715  View
597086 58088 CVE-2012-4845 AIXAPAR:IV28785  View
597087 58088 CVE-2012-4845 URL:http://www.ibm.com/support/docview.wss?uid=isg1IV28785  View
597088 58088 CVE-2012-4845 AIXAPAR:IV28787  View
597089 58088 CVE-2012-4845 URL:http://www.ibm.com/support/docview.wss?uid=isg1IV28787  View
597090 58088 CVE-2012-4845 BID:56134  View
597091 58088 CVE-2012-4845 URL:http://www.securityfocus.com/bid/56134  View
597092 58088 CVE-2012-4845 OVAL:oval:org.mitre.oval:def:19695  View
597093 58088 CVE-2012-4845 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:19695  View
597094 58088 CVE-2012-4845 XF:aix-ftp-setuid(79279)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
29648 JVNDB-2012-005355 IBM WebSphere Application Server の Liberty Profile における権限を取得される脆弱性 IBM WebSphere Application Server の Liberty Profile には、JAX-RS を使用している際に、適切にリクエストを検証しないため、権限を取得される脆弱性が存在します。 CVE-2012-4850 58088 7.5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005355.html  View