OpenCVE

A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix

Configuration 1 [-]

OR	cpe:2.3:o:ibm:aix:5.3:::::::*
	cpe:2.3:o:ibm:aix:6.1:::::::*

No data.

References

Link	Providers
http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815
http://secunia.com/advisories/36156
http://www.ibm.com/support/docview.wss?uid=isg1IZ54090
http://www.ibm.com/support/docview.wss?uid=isg1IZ54091
http://www.ibm.com/support/docview.wss?uid=isg1IZ54593
http://www.ibm.com/support/docview.wss?uid=isg1IZ56203
http://www.ibm.com/support/docview.wss?uid=isg1IZ56204
http://www.ibm.com/support/docview.wss?uid=isg1IZ56205
http://www.ibm.com/support/docview.wss?uid=isg1IZ56206
http://www.securityfocus.com/bid/35934
http://www.vupen.com/english/advisories/2009/2151

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-05T19:00:00

Updated: 2024-08-07T05:59:56.276Z

Reserved: 2009-08-05T00:00:00

Link: CVE-2009-2669

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-08-05T19:30:01.127

Modified: 2024-11-21T01:05:27.093

Link: CVE-2009-2669

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-08-04T00:00:00", "descriptions": [{"lang": "en", "value": "A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-08-12T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "IZ54593", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54593"}, {"name": "IZ56204", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56204"}, {"name": "36156", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36156"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc"}, {"name": "IZ56203", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56203"}, {"name": "IZ54090", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54090"}, {"name": "IZ54091", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54091"}, {"name": "35934", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35934"}, {"name": "IZ56205", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56205"}, {"name": "ADV-2009-2151", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2151"}, {"name": "20090804 IBM AIX libC _LIB_INIT_DBG Arbitrary File Creation Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815"}, {"name": "IZ56206", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56206"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2669", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IZ54593", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54593"}, {"name": "IZ56204", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56204"}, {"name": "36156", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36156"}, {"name": "http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc"}, {"name": "IZ56203", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56203"}, {"name": "IZ54090", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54090"}, {"name": "IZ54091", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54091"}, {"name": "35934", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35934"}, {"name": "IZ56205", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56205"}, {"name": "ADV-2009-2151", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2151"}, {"name": "20090804 IBM AIX libC _LIB_INIT_DBG Arbitrary File Creation Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815"}, {"name": "IZ56206", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56206"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:59:56.276Z"}, "title": "CVE Program Container", "references": [{"name": "IZ54593", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54593"}, {"name": "IZ56204", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56204"}, {"name": "36156", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36156"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc"}, {"name": "IZ56203", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56203"}, {"name": "IZ54090", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54090"}, {"name": "IZ54091", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54091"}, {"name": "35934", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35934"}, {"name": "IZ56205", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56205"}, {"name": "ADV-2009-2151", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/2151"}, {"name": "20090804 IBM AIX libC _LIB_INIT_DBG Arbitrary File Creation Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815"}, {"name": "IZ56206", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56206"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2669", "datePublished": "2009-08-05T19:00:00", "dateReserved": "2009-08-05T00:00:00", "dateUpdated": "2024-08-07T05:59:56.276Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1."}, {"lang": "es", "value": "Cierto componente de depuraci\u00f3n en IBM AIX v5.3 y v6.1 no proporciona la gesti\u00f3n de los entornos (1) _LIB_INIT_DBG y (2) _LIB_INIT_DBG_FILE, que permite a usuarios locales obtener privilegios utilizando para ello un programa setuid-root para crear un archivo root-owned a su elecci\u00f3n con permisos world-writable, relacionados con ibC.a (como la librer\u00eda XL C++ runtime) en AIX v5.3 y libc.a en AIX v6.1."}], "id": "CVE-2009-2669", "lastModified": "2024-11-21T01:05:27.093", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-05T19:30:01.127", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc"}, {"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/36156"}, {"source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54090"}, {"source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54091"}, {"source": "cve@mitre.org", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54593"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56203"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56204"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56205"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56206"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/35934"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/2151"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36156"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54090"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54091"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ54593"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56203"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56204"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56205"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ56206"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/35934"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/2151"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}