CVE-2008-2515

Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc	Vendor Advisory
http://secunia.com/advisories/30349	Vendor Advisory
http://securitytracker.com/id?1020085
http://www.ibm.com/support/docview.wss?uid=isg1IZ20635	Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ21506	Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ22349	Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ22350	Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ22351	Patch Vendor Advisory
http://www.securityfocus.com/bid/29325	Patch
http://www.vupen.com/english/advisories/2008/1626/references	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42579
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5424
http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc	Vendor Advisory
http://secunia.com/advisories/30349	Vendor Advisory
http://securitytracker.com/id?1020085
http://www.ibm.com/support/docview.wss?uid=isg1IZ20635	Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ21506	Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ22349	Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ22350	Patch
http://www.ibm.com/support/docview.wss?uid=isg1IZ22351	Patch Vendor Advisory
http://www.securityfocus.com/bid/29325	Patch
http://www.vupen.com/english/advisories/2008/1626/references	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42579
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5424

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ibm:aix:5.2:::::::*
	cpe:2.3:o:ibm:aix:5.3:::::::*
	cpe:2.3:o:ibm:aix:6.1:::::::*

History

21 Nov 2024, 00:47

Type	Values Removed	Values Added
References	~~() http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc - Vendor Advisory~~	() http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc - Vendor Advisory
References	~~() http://secunia.com/advisories/30349 - Vendor Advisory~~	() http://secunia.com/advisories/30349 - Vendor Advisory
References	~~() http://securitytracker.com/id?1020085 -~~	() http://securitytracker.com/id?1020085 -
References	~~() http://www.ibm.com/support/docview.wss?uid=isg1IZ20635 - Patch~~	() http://www.ibm.com/support/docview.wss?uid=isg1IZ20635 - Patch
References	~~() http://www.ibm.com/support/docview.wss?uid=isg1IZ21506 - Patch~~	() http://www.ibm.com/support/docview.wss?uid=isg1IZ21506 - Patch
References	~~() http://www.ibm.com/support/docview.wss?uid=isg1IZ22349 - Patch~~	() http://www.ibm.com/support/docview.wss?uid=isg1IZ22349 - Patch
References	~~() http://www.ibm.com/support/docview.wss?uid=isg1IZ22350 - Patch~~	() http://www.ibm.com/support/docview.wss?uid=isg1IZ22350 - Patch
References	~~() http://www.ibm.com/support/docview.wss?uid=isg1IZ22351 - Patch, Vendor Advisory~~	() http://www.ibm.com/support/docview.wss?uid=isg1IZ22351 - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/29325 - Patch~~	() http://www.securityfocus.com/bid/29325 - Patch
References	~~() http://www.vupen.com/english/advisories/2008/1626/references - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2008/1626/references - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/42579 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/42579 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5424 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5424 -

Information

Published : 2008-06-02 21:30

Updated : 2025-04-09 00:30

NVD link : CVE-2008-2515

Mitre link : CVE-2008-2515

CVE.ORG link : CVE-2008-2515

JSON object : View

Products Affected

ibm

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2008-2515", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-06-02T21:30:00.000", "references": [{"url": "http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30349", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1020085", "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ20635", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ21506", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22349", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22350", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22351", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29325", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1626/references", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42579", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5424", "source": "cve@mitre.org"}, {"url": "http://aix.software.ibm.com/aix/efixes/security/iostat_advisory.asc", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/30349", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1020085", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ20635", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ21506", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22349", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22350", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22351", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/29325", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1626/references", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42579", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5424", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an \"environment variable handling error.\""}, {"lang": "es", "value": "Una vulnerabilidad no especificada en iostat en IBM AIX versiones 5.2, 5.3 y 6.1 permite a los usuarios locales alcanzar privilegios por medio de vectores desconocidos relacionados con un \"environment variable handling error.\""}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B"}, {"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507"}, {"criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.2 /10