CVE-2008-0585 - OpenCVE

sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to "alter the behavior of" this client by overwriting these files.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact None

AV:L/AC:L/Au:N/C:C/I:C/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix

Configuration 1 [-]

OR	cpe:2.3:o:ibm:aix:5.2:::::::*
	cpe:2.3:o:ibm:aix:5.3:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/28609
http://www.ibm.com/support/docview.wss?uid=isg1IY97257
http://www.securityfocus.com/bid/27433
http://www.vupen.com/english/advisories/2008/0261
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4066
https://exchange.xforce.ibmcloud.com/vulnerabilities/39906

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-02-05T02:00:00

Updated: 2024-08-07T07:54:21.715Z

Reserved: 2008-02-04T00:00:00

Link: CVE-2008-0585

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-02-05T03:00:00.000

Modified: 2017-08-08T01:29:40.213

Link: CVE-2008-0585

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to \"alter the behavior of\" this client by overwriting these files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "28609", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28609"}, {"name": "27433", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27433"}, {"name": "aix-websm-insecure-permissions(39906)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39906"}, {"name": "ADV-2008-0261", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0261"}, {"name": "IY97257", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IY97257"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4066"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0585", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to \"alter the behavior of\" this client by overwriting these files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "28609", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28609"}, {"name": "27433", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27433"}, {"name": "aix-websm-insecure-permissions(39906)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39906"}, {"name": "ADV-2008-0261", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0261"}, {"name": "IY97257", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IY97257"}, {"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4066", "refsource": "CONFIRM", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4066"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:54:21.715Z"}, "title": "CVE Program Container", "references": [{"name": "28609", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28609"}, {"name": "27433", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27433"}, {"name": "aix-websm-insecure-permissions(39906)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39906"}, {"name": "ADV-2008-0261", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0261"}, {"name": "IY97257", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IY97257"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4066"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0585", "datePublished": "2008-02-05T02:00:00", "dateReserved": "2008-02-04T00:00:00", "dateUpdated": "2024-08-07T07:54:21.715Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to \"alter the behavior of\" this client by overwriting these files."}, {"lang": "es", "value": "sysmgt.websm.webaccess en IBM AIX 5.2 y 5.3 tiene permisos de escritura para ficheros no espedificados del cliente remoto WebSM, lo cual permite a usuarios locales \"cambiar el comportamiento\" de este cliente sobrescribiendo esos ficheros."}], "id": "CVE-2008-0585", "lastModified": "2017-08-08T01:29:40.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-02-05T03:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28609"}, {"source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IY97257"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27433"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0261"}, {"source": "cve@mitre.org", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4066"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39906"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}