CVE-2001-1079

create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/aix/2001-q3/0000.html	Patch Vendor Advisory
http://www.osvdb.org/5473
https://exchange.xforce.ibmcloud.com/vulnerabilities/8923
http://archives.neohapsis.com/archives/aix/2001-q3/0000.html	Patch Vendor Advisory
http://www.osvdb.org/5473
https://exchange.xforce.ibmcloud.com/vulnerabilities/8923

Configurations

Configuration 1 (hide)

cpe:2.3:o:ibm:aix:3.2.0:*:*:*:*:*:*:*

History

20 Nov 2024, 23:36

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/aix/2001-q3/0000.html - Patch, Vendor Advisory~~	() http://archives.neohapsis.com/archives/aix/2001-q3/0000.html - Patch, Vendor Advisory
References	~~() http://www.osvdb.org/5473 -~~	() http://www.osvdb.org/5473 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/8923 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/8923 -

Information

Published : 2002-02-13 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2001-1079

Mitre link : CVE-2001-1079

CVE.ORG link : CVE-2001-1079

JSON object : View

Products Affected

ibm

aix

CWE

NVD-CWE-Other

{"id": "CVE-2001-1079", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2002-02-13T05:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/aix/2001-q3/0000.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/5473", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8923", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/aix/2001-q3/0000.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/5473", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8923", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service."}, {"lang": "es", "value": "create_keyfiles en PSSP 3.2 con autentificaci\u00f3n DCE 3.1 en sistemas AIX 3.2.0 crea los directorios de ficheros de claves con permisos de escritura para todo el mundo, lo cual permite que un usuario local borre esos ficheros y provoque una denegaci\u00f3n del servicio."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52E2640B-D116-4CB1-A2B8-648AE716D40A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}