CVE Vulnerabilities

CVE-2012-4845

Published: Oct 20, 2012 | Modified: Aug 31, 2021
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 6.8 MEDIUM (AV:N/AC:L/Au:S/C:C/I:N/A:N)

The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.

Affected Software

Name    Vendor    Start Version    End Version
Aix     Ibm       7.1              7.1
Aix     Ibm       6.1              6.1
Vios    Ibm       2.2.1.4          2.2.1.4
