CVE-2008-2515 - OpenCVE

Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix

Configuration 1 [-]

OR	cpe:2.3:o:ibm:aix:5.2:::::::*
	cpe:2.3:o:ibm:aix:5.3:::::::*
	cpe:2.3:o:ibm:aix:6.1:::::::*

No data.

References

Link	Providers
http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc
http://secunia.com/advisories/30349
http://securitytracker.com/id?1020085
http://www.ibm.com/support/docview.wss?uid=isg1IZ20635
http://www.ibm.com/support/docview.wss?uid=isg1IZ21506
http://www.ibm.com/support/docview.wss?uid=isg1IZ22349
http://www.ibm.com/support/docview.wss?uid=isg1IZ22350
http://www.ibm.com/support/docview.wss?uid=isg1IZ22351
http://www.securityfocus.com/bid/29325
http://www.vupen.com/english/advisories/2008/1626/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42579
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5424

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-06-02T14:00:00

Updated: 2024-08-07T09:05:29.903Z

Reserved: 2008-06-02T00:00:00

Link: CVE-2008-2515

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-06-02T21:30:00.000

Modified: 2017-09-29T01:31:12.117

Link: CVE-2008-2515

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-21T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an \"environment variable handling error.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "30349", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30349"}, {"name": "IZ22350", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22350"}, {"name": "IZ20635", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ20635"}, {"name": "ibm-aix-setuidroot-iostat-bo(42579)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42579"}, {"name": "ADV-2008-1626", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1626/references"}, {"name": "IZ21506", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ21506"}, {"name": "29325", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29325"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc"}, {"name": "IZ22349", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22349"}, {"name": "IZ22351", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22351"}, {"name": "1020085", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1020085"}, {"name": "oval:org.mitre.oval:def:5424", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5424"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2515", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an \"environment variable handling error.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30349", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30349"}, {"name": "IZ22350", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22350"}, {"name": "IZ20635", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ20635"}, {"name": "ibm-aix-setuidroot-iostat-bo(42579)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42579"}, {"name": "ADV-2008-1626", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1626/references"}, {"name": "IZ21506", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ21506"}, {"name": "29325", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29325"}, {"name": "http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc"}, {"name": "IZ22349", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22349"}, {"name": "IZ22351", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22351"}, {"name": "1020085", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1020085"}, {"name": "oval:org.mitre.oval:def:5424", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5424"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:05:29.903Z"}, "title": "CVE Program Container", "references": [{"name": "30349", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30349"}, {"name": "IZ22350", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22350"}, {"name": "IZ20635", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ20635"}, {"name": "ibm-aix-setuidroot-iostat-bo(42579)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42579"}, {"name": "ADV-2008-1626", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1626/references"}, {"name": "IZ21506", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ21506"}, {"name": "29325", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29325"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc"}, {"name": "IZ22349", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22349"}, {"name": "IZ22351", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22351"}, {"name": "1020085", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1020085"}, {"name": "oval:org.mitre.oval:def:5424", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5424"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2515", "datePublished": "2008-06-02T14:00:00", "dateReserved": "2008-06-02T00:00:00", "dateUpdated": "2024-08-07T09:05:29.903Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an \"environment variable handling error.\""}, {"lang": "es", "value": "Una vulnerabilidad no especificada en iostat en IBM AIX versiones 5.2, 5.3 y 6.1 permite a los usuarios locales alcanzar privilegios por medio de vectores desconocidos relacionados con un \"environment variable handling error.\""}], "id": "CVE-2008-2515", "lastModified": "2017-09-29T01:31:12.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-06-02T21:30:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30349"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1020085"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ20635"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ21506"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22349"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22350"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22351"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/29325"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1626/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42579"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5424"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}