CVE-2016-8972

high

Published 2017-02-15 · Modified 2026-05-13

CVSS v3

7.8

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

7.2

VIR risk

7.8

Description

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc

Exploits

Exploit-DB

EDB-40950 · local · aix

Application impact

Vendor	Product	Versions
ibm	vios	`2.2.1.5`
ibm	vios	`2.2.1.6`
ibm	vios	`2.2.1.7`
ibm	vios	`2.2.1.8`
ibm	vios	`2.2.0.0`
ibm	vios	`2.2.0.10`
ibm	vios	`2.2.0.11`
ibm	vios	`2.2.0.12`
ibm	vios	`2.2.0.13`
ibm	vios	`2.2.1.0`
ibm	vios	`2.2.1.1`
ibm	vios	`2.2.1.3`
ibm	vios	`2.2.1.4`
ibm	vios	`2.2.2.0`
ibm	vios	`2.2.2.1`
ibm	vios	`2.2.2.2`
ibm	vios	`2.2.2.3`
ibm	vios	`2.2.2.4`
ibm	vios	`2.2.2.6`
ibm	vios	`2.2.2.70`
ibm	vios	`2.2.3.0`
ibm	vios	`2.2.3.1`
ibm	vios	`2.2.3.2`
ibm	vios	`2.2.3.3`
ibm	vios	`2.2.3.4`
ibm	vios	`2.2.3.50`
ibm	vios	`2.2.3.51`
ibm	vios	`2.2.3.52`
ibm	vios	`2.2.3.60`
ibm	vios	`2.2.3.70`
ibm	vios	`2.2.3.80`
ibm	vios	`2.2.4.0`
ibm	vios	`2.2.4.10`
ibm	vios	`2.2.4.21`
ibm	vios	`2.2.4.22`
ibm	vios	`2.2.4.23`
ibm	vios	`2.2.4.30`
ibm	vios	`2.2.5.0`
ibm	vios	`2.2.5.10`

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.