CVE-2010-3405 - OpenCVE

Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix Vios

Configuration 1 [-]

OR	cpe:2.3:o:ibm:aix:5.3:::::::*
	cpe:2.3:o:ibm:aix:6.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:ibm:vios:1.5:::::::*
	cpe:2.3:a:ibm:vios:2.1:::::::*

No data.

References

Link	Providers
http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc
http://secunia.com/advisories/41446
http://securitytracker.com/id?1024430
http://www.ibm.com/support/docview.wss?uid=isg1IZ81819
http://www.ibm.com/support/docview.wss?uid=isg1IZ82245
http://www.ibm.com/support/docview.wss?uid=isg1IZ82630
http://www.ibm.com/support/docview.wss?uid=isg1IZ83909
http://www.ibm.com/support/docview.wss?uid=isg1IZ83942
http://www.ibm.com/support/docview.wss?uid=isg1IZ83975
http://www.ibm.com/support/docview.wss?uid=isg1IZ84167
http://www.securityfocus.com/bid/43207
http://www.vupen.com/english/advisories/2010/2377
https://exchange.xforce.ibmcloud.com/vulnerabilities/61774
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12214

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-09-16T20:00:00

Updated: 2024-08-07T03:11:43.776Z

Reserved: 2010-09-16T00:00:00

Link: CVE-2010-3405

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2010-09-16T21:00:01.607

Modified: 2018-11-28T17:13:09.993

Link: CVE-2010-3405

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-09-13T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "IZ82245", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82245"}, {"name": "IZ83942", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83942"}, {"name": "ADV-2010-2377", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2377"}, {"name": "oval:org.mitre.oval:def:12214", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12214"}, {"name": "43207", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/43207"}, {"name": "IZ84167", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ84167"}, {"name": "IZ81819", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ81819"}, {"name": "ibm-aix-sasnap-bo(61774)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61774"}, {"name": "IZ82630", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82630"}, {"name": "41446", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41446"}, {"name": "IZ83909", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83909"}, {"name": "IZ83975", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83975"}, {"name": "1024430", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1024430"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-3405", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "IZ82245", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82245"}, {"name": "IZ83942", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83942"}, {"name": "ADV-2010-2377", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2377"}, {"name": "oval:org.mitre.oval:def:12214", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12214"}, {"name": "43207", "refsource": "BID", "url": "http://www.securityfocus.com/bid/43207"}, {"name": "IZ84167", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ84167"}, {"name": "IZ81819", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ81819"}, {"name": "ibm-aix-sasnap-bo(61774)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61774"}, {"name": "IZ82630", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82630"}, {"name": "41446", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41446"}, {"name": "IZ83909", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83909"}, {"name": "IZ83975", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83975"}, {"name": "1024430", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024430"}, {"name": "http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:11:43.776Z"}, "title": "CVE Program Container", "references": [{"name": "IZ82245", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82245"}, {"name": "IZ83942", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83942"}, {"name": "ADV-2010-2377", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2377"}, {"name": "oval:org.mitre.oval:def:12214", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12214"}, {"name": "43207", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/43207"}, {"name": "IZ84167", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ84167"}, {"name": "IZ81819", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ81819"}, {"name": "ibm-aix-sasnap-bo(61774)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61774"}, {"name": "IZ82630", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82630"}, {"name": "41446", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41446"}, {"name": "IZ83909", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83909"}, {"name": "IZ83975", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83975"}, {"name": "1024430", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1024430"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-3405", "datePublished": "2010-09-16T20:00:00", "dateReserved": "2010-09-16T00:00:00", "dateUpdated": "2024-08-07T03:11:43.776Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:vios:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "DFF79665-519F-46FE-A3AB-41FFAB5429EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:vios:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A37C3C90-ED84-437F-AE68-57D09BF6999A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en sa_snap en el conjunto de archivos bos.esagent en IBM AIX v6.1, v5.3, y anteriores y VIOS v2.1, v1.5 y anteriores permite a usuarios locales aprovecharse de la pertenencia al grupo sistema y obtener privilegios a trav\u00e9s de vectores no especificados."}], "id": "CVE-2010-3405", "lastModified": "2018-11-28T17:13:09.993", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-09-16T21:00:01.607", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/41446"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1024430"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ81819"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82245"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ82630"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83909"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83942"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ83975"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ84167"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/43207"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2377"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61774"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12214"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}