CVE-2013-4011 - OpenCVE

Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix Vios

Configuration 1 [-]

OR	cpe:2.3:o:ibm:aix:6.1:::::::*
	cpe:2.3:o:ibm:aix:7.1:::::::*
	cpe:2.3:o:ibm:vios:2.2.2.2:fp-26_sp-02::::::

No data.

References

Link	Providers
http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc
http://osvdb.org/95419
http://osvdb.org/95420
http://secunia.com/advisories/54215
http://www.ibm.com/support/docview.wss?uid=isg1IV43561
http://www.ibm.com/support/docview.wss?uid=isg1IV43562
http://www.ibm.com/support/docview.wss?uid=isg1IV43580
http://www.ibm.com/support/docview.wss?uid=isg1IV43582
http://www.ibm.com/support/docview.wss?uid=isg1IV43756
http://www.ibm.com/support/docview.wss?uid=isg1IV43827
http://www.securityfocus.com/bid/61287
http://www.securitytracker.com/id/1028792
https://exchange.xforce.ibmcloud.com/vulnerabilities/85617
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2013-07-18T16:00:00

Updated: 2024-08-06T16:30:49.435Z

Reserved: 2013-06-07T00:00:00

Link: CVE-2013-4011

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-07-18T16:51:55.827

Modified: 2017-09-19T01:36:45.763

Link: CVE-2013-4011

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-07-16T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "54215", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/54215"}, {"name": "IV43562", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43562"}, {"name": "1028792", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1028792"}, {"name": "aix-cve20134011-infiniband(85617)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85617"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc"}, {"name": "IV43580", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43580"}, {"name": "oval:org.mitre.oval:def:19167", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167"}, {"name": "IV43827", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43827"}, {"name": "95419", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/95419"}, {"name": "IV43561", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43561"}, {"name": "95420", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/95420"}, {"name": "IV43582", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43582"}, {"name": "IV43756", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43756"}, {"name": "61287", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/61287"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4011", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "54215", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54215"}, {"name": "IV43562", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43562"}, {"name": "1028792", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1028792"}, {"name": "aix-cve20134011-infiniband(85617)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85617"}, {"name": "http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc"}, {"name": "IV43580", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43580"}, {"name": "oval:org.mitre.oval:def:19167", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167"}, {"name": "IV43827", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43827"}, {"name": "95419", "refsource": "OSVDB", "url": "http://osvdb.org/95419"}, {"name": "IV43561", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43561"}, {"name": "95420", "refsource": "OSVDB", "url": "http://osvdb.org/95420"}, {"name": "IV43582", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43582"}, {"name": "IV43756", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43756"}, {"name": "61287", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61287"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:30:49.435Z"}, "title": "CVE Program Container", "references": [{"name": "54215", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/54215"}, {"name": "IV43562", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43562"}, {"name": "1028792", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1028792"}, {"name": "aix-cve20134011-infiniband(85617)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85617"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc"}, {"name": "IV43580", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43580"}, {"name": "oval:org.mitre.oval:def:19167", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167"}, {"name": "IV43827", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43827"}, {"name": "95419", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/95419"}, {"name": "IV43561", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43561"}, {"name": "95420", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/95420"}, {"name": "IV43582", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43582"}, {"name": "IV43756", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43756"}, {"name": "61287", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/61287"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4011", "datePublished": "2013-07-18T16:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.435Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "0402E20C-8B41-4A2A-BFF9-92EC843985F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:vios:2.2.2.2:fp-26_sp-02:*:*:*:*:*:*", "matchCriteriaId": "C2835AAF-1995-4724-A26F-90E6F610BC6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en el InfiniBand subsystem en IBM AIX 6.1 y 7.1, y VIOS v2.2.2.2-FP-26 SP-02, permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores relacionados (1) arp.ib o (2) ibstat."}], "id": "CVE-2013-4011", "lastModified": "2017-09-19T01:36:45.763", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-07-18T16:51:55.827", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc"}, {"source": "psirt@us.ibm.com", "url": "http://osvdb.org/95419"}, {"source": "psirt@us.ibm.com", "url": "http://osvdb.org/95420"}, {"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/54215"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43561"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43562"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43580"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43582"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43756"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43827"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/61287"}, {"source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1028792"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85617"}, {"source": "psirt@us.ibm.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}