CVE Vulnerabilities

CVE-2014-3074

Published: Jul 02, 2014 | Modified: Aug 31, 2021
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.

Affected Software

Name Vendor Start Version End Version
Vios Ibm 2.2.0.13 2.2.0.13
Vios Ibm 2.2.1.0 2.2.1.0
Vios Ibm 2.2.0.11 2.2.0.11
Aix Ibm 7.1 7.1
Vios Ibm 2.2.0.12 2.2.0.12
Aix Ibm 6.1 6.1
Vios Ibm 2.2.1.1 2.2.1.1
Vios Ibm 2.2.1.3 2.2.1.3
Vios Ibm 2.2.0.10 2.2.0.10
Vios Ibm 2.2.3.2 2.2.3.2
Vios Ibm 2.2.1.8 2.2.1.8
Vios Ibm 2.2.2.4 2.2.2.4
Vios Ibm 2.2.1.4 2.2.1.4
Vios Ibm 2.2.1.4 2.2.1.4
Vios Ibm 2.2.3.0 2.2.3.0
Vios Ibm 2.2.3.3 2.2.3.3
Vios Ibm 2.2.2.5 2.2.2.5
Vios Ibm 2.2.1.9 2.2.1.9
Vios Ibm 2.2.2.0 2.2.2.0

References