CVE-2009-0536 - OpenCVE

at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix

Configuration 1 [-]

OR	cpe:2.3:o:ibm:aix:5.2.0:::::::*
	cpe:2.3:o:ibm:aix:5.3.0:::::::*
	cpe:2.3:o:ibm:aix:5.3.7:::::::*
	cpe:2.3:o:ibm:aix:5.3.8:::::::*
	cpe:2.3:o:ibm:aix:5.3.9:::::::*
	cpe:2.3:o:ibm:aix:6.1.0:::::::*
	cpe:2.3:o:ibm:aix:6.1.1:::::::*
	cpe:2.3:o:ibm:aix:6.1.2:::::::*

No data.

References

Link	Providers
http://aix.software.ibm.com/aix/efixes/security/at_advisory.asc
http://osvdb.org/51952
http://secunia.com/advisories/33915
http://www.ibm.com/support/docview.wss?uid=isg1IZ43452
http://www.ibm.com/support/docview.wss?uid=isg1IZ43453
http://www.ibm.com/support/docview.wss?uid=isg1IZ43454
http://www.ibm.com/support/docview.wss?uid=isg1IZ43455
http://www.ibm.com/support/docview.wss?uid=isg1IZ43456
http://www.ibm.com/support/docview.wss?uid=isg1IZ43457
http://www.ibm.com/support/docview.wss?uid=isg1IZ43458
http://www.ibm.com/support/docview.wss?uid=isg1IZ43459
http://www.securityfocus.com/bid/33730
http://www.securitytracker.com/id?1021704
http://www.vupen.com/english/advisories/2009/0405
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4558
https://exchange.xforce.ibmcloud.com/vulnerabilities/48660
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6155

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-02-11T20:00:00

Updated: 2024-08-07T04:40:03.745Z

Reserved: 2009-02-11T00:00:00

Link: CVE-2009-0536

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-02-11T20:30:00.640

Modified: 2017-09-29T01:33:52.230

Link: CVE-2009-0536

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-02-10T00:00:00", "descriptions": [{"lang": "en", "value": "at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "oval:org.mitre.oval:def:6155", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6155"}, {"name": "IZ43452", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43452"}, {"name": "IZ43459", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43459"}, {"name": "51952", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/51952"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://aix.software.ibm.com/aix/efixes/security/at_advisory.asc"}, {"name": "IZ43456", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43456"}, {"name": "1021704", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021704"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4558"}, {"name": "33730", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33730"}, {"name": "ADV-2009-0405", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0405"}, {"name": "IZ43453", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43453"}, {"name": "IZ43455", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43455"}, {"name": "IZ43454", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43454"}, {"name": "ibm-aix-at-information-disclosure(48660)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48660"}, {"name": "IZ43458", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43458"}, {"name": "33915", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33915"}, {"name": "IZ43457", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43457"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0536", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:6155", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6155"}, {"name": "IZ43452", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43452"}, {"name": "IZ43459", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43459"}, {"name": "51952", "refsource": "OSVDB", "url": "http://osvdb.org/51952"}, {"name": "http://aix.software.ibm.com/aix/efixes/security/at_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/at_advisory.asc"}, {"name": "IZ43456", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43456"}, {"name": "1021704", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1021704"}, {"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4558", "refsource": "CONFIRM", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4558"}, {"name": "33730", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33730"}, {"name": "ADV-2009-0405", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0405"}, {"name": "IZ43453", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43453"}, {"name": "IZ43455", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43455"}, {"name": "IZ43454", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43454"}, {"name": "ibm-aix-at-information-disclosure(48660)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48660"}, {"name": "IZ43458", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43458"}, {"name": "33915", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33915"}, {"name": "IZ43457", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43457"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:40:03.745Z"}, "title": "CVE Program Container", "references": [{"name": "oval:org.mitre.oval:def:6155", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6155"}, {"name": "IZ43452", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43452"}, {"name": "IZ43459", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43459"}, {"name": "51952", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/51952"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://aix.software.ibm.com/aix/efixes/security/at_advisory.asc"}, {"name": "IZ43456", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43456"}, {"name": "1021704", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1021704"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4558"}, {"name": "33730", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33730"}, {"name": "ADV-2009-0405", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0405"}, {"name": "IZ43453", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43453"}, {"name": "IZ43455", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43455"}, {"name": "IZ43454", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43454"}, {"name": "ibm-aix-at-information-disclosure(48660)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48660"}, {"name": "IZ43458", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43458"}, {"name": "33915", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33915"}, {"name": "IZ43457", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43457"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0536", "datePublished": "2009-02-11T20:00:00", "dateReserved": "2009-02-11T00:00:00", "dateUpdated": "2024-08-07T04:40:03.745Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A8A7DBFF-B11B-47EC-9E52-C12B156739D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A6DE57C2-E728-4016-9774-28FB4B0509AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:5.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "57B11497-5622-4759-906A-A93A3E815584", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:5.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "1F9CD013-D904-45DF-AD43-493A22D5744B", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:5.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "307B47F5-D903-4763-A353-2538AFD6C9CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF417123-CCB6-48AF-A21B-1974173D516B", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "362CFB2F-817A-4E55-A315-86B6243E3F74", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "53544921-1C1A-4382-99D7-0F3011BA76DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges."}, {"lang": "es", "value": "at en bos.rte.cron sobre IBM AIX v5.2.0, v5.3.0 a la v 5.3.9 y de la v6.1.0 a la 6.1.2, permite a usuarios locales leer ficheros de su elecci\u00f3n a trav\u00e9s de vectores sin especificar, relacionado con el fallo al quitar privilegios de root (administrador)."}], "id": "CVE-2009-0536", "lastModified": "2017-09-29T01:33:52.230", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-02-11T20:30:00.640", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://aix.software.ibm.com/aix/efixes/security/at_advisory.asc"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/51952"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/33915"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43452"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43453"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43454"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43455"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43456"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43457"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43458"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ43459"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/33730"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1021704"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0405"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4558"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48660"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6155"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}