CVE-2013-5419
medium
CVSS v3: —
CVSS v2: 6.9
VIR risk: 6.9
Description
Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc
References
- http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc
- http://www.ibm.com/support/docview.wss?uid=isg1IV47427
- http://www.ibm.com/support/docview.wss?uid=isg1IV47428
- http://www.ibm.com/support/docview.wss?uid=isg1IV47429
- http://www.ibm.com/support/docview.wss?uid=isg1IV47430
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87481
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18775
CWEs
CWE-119