CVE-2008-1593 - OpenCVE

The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix

Configuration 1 [-]

OR	cpe:2.3:o:ibm:aix:5.2:::::::*
	cpe:2.3:o:ibm:aix:5.3:::::::*
	cpe:2.3:o:ibm:aix:6.1:::::::*

No data.

References

Link	Providers
http://securitytracker.com/id?1019606
http://www.ibm.com/support/docview.wss?uid=isg1IZ11820
http://www.ibm.com/support/docview.wss?uid=isg1IZ12794
http://www.ibm.com/support/docview.wss?uid=isg1IZ16992
http://www.ibm.com/support/docview.wss?uid=isg1IZ17111
http://www.securityfocus.com/bid/28467
http://www.vupen.com/english/advisories/2008/0865
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4153
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4154
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4155
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4595

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-31T23:00:00

Updated: 2024-08-07T08:24:42.897Z

Reserved: 2008-03-31T00:00:00

Link: CVE-2008-1593

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-03-31T23:44:00.000

Modified: 2017-09-29T01:30:46.910

Link: CVE-2008-1593

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4153"}, {"name": "28467", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28467"}, {"name": "1019606", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1019606"}, {"name": "IZ12794", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ12794"}, {"name": "IZ16992", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ16992"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4155"}, {"name": "IZ17111", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ17111"}, {"name": "IZ11820", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ11820"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4154"}, {"name": "oval:org.mitre.oval:def:4595", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4595"}, {"name": "ADV-2008-0865", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0865"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1593", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4153", "refsource": "CONFIRM", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4153"}, {"name": "28467", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28467"}, {"name": "1019606", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019606"}, {"name": "IZ12794", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ12794"}, {"name": "IZ16992", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ16992"}, {"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4155", "refsource": "CONFIRM", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4155"}, {"name": "IZ17111", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ17111"}, {"name": "IZ11820", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ11820"}, {"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4154", "refsource": "CONFIRM", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4154"}, {"name": "oval:org.mitre.oval:def:4595", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4595"}, {"name": "ADV-2008-0865", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0865"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:24:42.897Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4153"}, {"name": "28467", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28467"}, {"name": "1019606", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1019606"}, {"name": "IZ12794", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ12794"}, {"name": "IZ16992", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ16992"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4155"}, {"name": "IZ17111", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ17111"}, {"name": "IZ11820", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ11820"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4154"}, {"name": "oval:org.mitre.oval:def:4595", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4595"}, {"name": "ADV-2008-0865", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0865"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1593", "datePublished": "2008-03-31T23:00:00", "dateReserved": "2008-03-31T00:00:00", "dateUpdated": "2024-08-07T08:24:42.897Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function."}, {"lang": "es", "value": "La caracter\u00edstica de checkpoint (punto de comprobaci\u00f3n) y restart (reinicio) en el kernel de IBM AIX 5.2, 5.3 y 6.1 no protege adecuadamente la memoria del kernel, lo que permite a usuarios locales leer y modificar porciones de memoria y obtener privilegios a trav\u00e9s de vectores no especificados que implican un reinicio de un proceso de 64 bits, probablemente relacionado con la funci\u00f3n as_getadsp64."}], "id": "CVE-2008-1593", "lastModified": "2017-09-29T01:30:46.910", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-03-31T23:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1019606"}, {"source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ11820"}, {"source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ12794"}, {"source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ16992"}, {"source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ17111"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/28467"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0865"}, {"source": "cve@mitre.org", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4153"}, {"source": "cve@mitre.org", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4154"}, {"source": "cve@mitre.org", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4155"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4595"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}