CVE-2015-5005
high
CVSS v3
—
CVSS v2
8.5
VIR risk
8.5
Description
CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an "su root" action by leveraging presence on the cluster-wide password-change list.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://aix.software.ibm.com/aix/efixes/security/powerha_advisory.asc
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | powerha_system_mirror | | |
References
- http://aix.software.ibm.com/aix/efixes/security/powerha_advisory.asc
- http://www-01.ibm.com/support/docview.wss?uid=isg1IV76943
- http://www-01.ibm.com/support/docview.wss?uid=isg1IV76946
- http://www-01.ibm.com/support/docview.wss?uid=isg1IV77007
- http://www.securityfocus.com/bid/76948
CWEs
CWE-264