CVE-2013-4011 - Vulnerability Details - OpenCVE

Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.08468.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix Vios

Configuration 1 [-]

OR	cpe:2.3:o:ibm:aix:6.1:::::::*
	cpe:2.3:o:ibm:aix:7.1:::::::*
	cpe:2.3:o:ibm:vios:2.2.2.2:fp-26_sp-02::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2013-3942	Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc
http://osvdb.org/95419
http://osvdb.org/95420
http://secunia.com/advisories/54215
http://www.ibm.com/support/docview.wss?uid=isg1IV43561
http://www.ibm.com/support/docview.wss?uid=isg1IV43562
http://www.ibm.com/support/docview.wss?uid=isg1IV43580
http://www.ibm.com/support/docview.wss?uid=isg1IV43582
http://www.ibm.com/support/docview.wss?uid=isg1IV43756
http://www.ibm.com/support/docview.wss?uid=isg1IV43827
http://www.securityfocus.com/bid/61287
http://www.securitytracker.com/id/1028792
https://exchange.xforce.ibmcloud.com/vulnerabilities/85617
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2013-07-18T16:00:00

Updated: 2024-08-06T16:30:49.435Z

Reserved: 2013-06-07T00:00:00

Link: CVE-2013-4011

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-07-18T16:51:55.827

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-4011

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-07-16T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "54215", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/54215"}, {"name": "IV43562", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43562"}, {"name": "1028792", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1028792"}, {"name": "aix-cve20134011-infiniband(85617)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85617"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc"}, {"name": "IV43580", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43580"}, {"name": "oval:org.mitre.oval:def:19167", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167"}, {"name": "IV43827", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43827"}, {"name": "95419", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/95419"}, {"name": "IV43561", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43561"}, {"name": "95420", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/95420"}, {"name": "IV43582", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43582"}, {"name": "IV43756", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43756"}, {"name": "61287", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/61287"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-4011", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "54215", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54215"}, {"name": "IV43562", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43562"}, {"name": "1028792", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1028792"}, {"name": "aix-cve20134011-infiniband(85617)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85617"}, {"name": "http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc"}, {"name": "IV43580", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43580"}, {"name": "oval:org.mitre.oval:def:19167", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167"}, {"name": "IV43827", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43827"}, {"name": "95419", "refsource": "OSVDB", "url": "http://osvdb.org/95419"}, {"name": "IV43561", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43561"}, {"name": "95420", "refsource": "OSVDB", "url": "http://osvdb.org/95420"}, {"name": "IV43582", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43582"}, {"name": "IV43756", "refsource": "AIXAPAR", "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43756"}, {"name": "61287", "refsource": "BID", "url": "http://www.securityfocus.com/bid/61287"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:30:49.435Z"}, "title": "CVE Program Container", "references": [{"name": "54215", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/54215"}, {"name": "IV43562", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43562"}, {"name": "1028792", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1028792"}, {"name": "aix-cve20134011-infiniband(85617)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85617"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc"}, {"name": "IV43580", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43580"}, {"name": "oval:org.mitre.oval:def:19167", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167"}, {"name": "IV43827", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43827"}, {"name": "95419", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/95419"}, {"name": "IV43561", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43561"}, {"name": "95420", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/95420"}, {"name": "IV43582", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43582"}, {"name": "IV43756", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43756"}, {"name": "61287", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/61287"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-4011", "datePublished": "2013-07-18T16:00:00", "dateReserved": "2013-06-07T00:00:00", "dateUpdated": "2024-08-06T16:30:49.435Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "0402E20C-8B41-4A2A-BFF9-92EC843985F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:vios:2.2.2.2:fp-26_sp-02:*:*:*:*:*:*", "matchCriteriaId": "C2835AAF-1995-4724-A26F-90E6F610BC6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en el InfiniBand subsystem en IBM AIX 6.1 y 7.1, y VIOS v2.2.2.2-FP-26 SP-02, permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores relacionados (1) arp.ib o (2) ibstat."}], "id": "CVE-2013-4011", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-07-18T16:51:55.827", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc"}, {"source": "psirt@us.ibm.com", "url": "http://osvdb.org/95419"}, {"source": "psirt@us.ibm.com", "url": "http://osvdb.org/95420"}, {"source": "psirt@us.ibm.com", "url": "http://secunia.com/advisories/54215"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43561"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43562"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43580"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43582"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43756"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43827"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/61287"}, {"source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1028792"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85617"}, {"source": "psirt@us.ibm.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/95419"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/95420"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/54215"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43561"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43562"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43580"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43582"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43756"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV43827"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/61287"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1028792"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85617"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19167"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}