Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-4353

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-15 Aug, 2007 | 00:00
Updated At-07 Aug, 2024 | 14:53
Rejected At-
Credits

Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:15 Aug, 2007 | 00:00
Updated At:07 Aug, 2024 | 14:53
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2007/2860
vdb-entry
x_refsource_VUPEN
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00531
vendor-advisory
x_refsource_AIXAPAR
https://exchange.xforce.ibmcloud.com/vulnerabilities/35971
vdb-entry
x_refsource_XF
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01433
vendor-advisory
x_refsource_AIXAPAR
http://www.securitytracker.com/id?1018549
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/26420
third-party-advisory
x_refsource_SECUNIA
ftp://aix.software.ibm.com/aix/efixes/security/README
x_refsource_CONFIRM
http://www.securityfocus.com/bid/25270
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2007/2860
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00531
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/35971
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01433
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www.securitytracker.com/id?1018549
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/26420
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: ftp://aix.software.ibm.com/aix/efixes/security/README
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/25270
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2007/2860
vdb-entry
x_refsource_VUPEN
x_transferred
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00531
vendor-advisory
x_refsource_AIXAPAR
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/35971
vdb-entry
x_refsource_XF
x_transferred
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01433
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://www.securitytracker.com/id?1018549
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/26420
third-party-advisory
x_refsource_SECUNIA
x_transferred
ftp://aix.software.ibm.com/aix/efixes/security/README
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/25270
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/2860
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00531
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/35971
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01433
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www.securitytracker.com/id?1018549
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/26420
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: ftp://aix.software.ibm.com/aix/efixes/security/README
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/25270
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:15 Aug, 2007 | 00:17
Updated At:29 Jul, 2017 | 01:32

Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.9MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 6.9
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
IBM Corporation
ibm
>>aix>>5.2
cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
IBM Corporation
ibm
>>aix>>5.3
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
ftp://aix.software.ibm.com/aix/efixes/security/READMEcve@mitre.org
Patch
http://secunia.com/advisories/26420cve@mitre.org
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00531cve@mitre.org
N/A
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01433cve@mitre.org
N/A
http://www.securityfocus.com/bid/25270cve@mitre.org
N/A
http://www.securitytracker.com/id?1018549cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2007/2860cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/35971cve@mitre.org
N/A
Hyperlink: ftp://aix.software.ibm.com/aix/efixes/security/README
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://secunia.com/advisories/26420
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00531
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ01433
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/25270
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1018549
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2007/2860
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/35971
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

66Records found
CVE-2011-4061
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.13% / 33.62%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2tivoli_monitoring_for_databasesn/a
CVE-2016-2867
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7||HIGH
EPSS-0.04% / 10.73%
||
7 Day CHG~0.00%
Published-02 Jul, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_streamsstreamsn/a
CVE-2016-2985
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7||HIGH
EPSS-0.04% / 10.73%
||
7 Day CHG~0.00%
Published-25 Nov, 2016 | 03:38
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.

Action-Not Available
Vendor-n/aIBM Corporation
Product-spectrum_scalegeneral_parallel_file_systemn/a
CVE-2011-1205
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 16.02%
||
7 Day CHG~0.00%
Published-29 Mar, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_clearquestrational_clearcaserational_common_licensingn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-5251
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 23.11%
||
7 Day CHG~0.00%
Published-07 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse (1) nnoteswc.dll or (2) nlsxbe.dll file in the current working directory, as demonstrated by a directory that contains a .vcf, .vcs, or .ics file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_notesn/a
CVE-2016-0226
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.09%
||
7 Day CHG~0.00%
Published-28 Mar, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.

Action-Not Available
Vendor-n/aIBM CorporationMicrosoft Corporation
Product-windowsinformix_dynamic_servern/a
CWE ID-CWE-284
Improper Access Control
CVE-2010-4236
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.36% / 57.76%
||
7 Day CHG~0.00%
Published-12 Nov, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895.

Action-Not Available
Vendor-n/aIBM Corporation
Product-omnifindn/a
CVE-2008-1274
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 16.45%
||
7 Day CHG~0.00%
Published-10 Mar, 2008 | 23:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2020-4554
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.87%
||
7 Day CHG~0.00%
Published-03 Aug, 2020 | 12:35
Updated-16 Sep, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183322.

Action-Not Available
Vendor-IBM Corporation
Product-i2_analysts_notebooki2 Analyst Notebook
CWE ID-CWE-787
Out-of-bounds Write
CVE-2009-1786
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.16% / 37.29%
||
7 Day CHG~0.00%
Published-26 May, 2009 | 15:16
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2007-4237
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 19.04%
||
7 Day CHG~0.00%
Published-08 Aug, 2007 | 22:00
Updated-07 Aug, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2015-1947
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.06% / 17.13%
||
7 Day CHG~0.00%
Published-31 Dec, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is loaded by a setuid or setgid program.

Action-Not Available
Vendor-n/aIBM Corporation
Product-infosphere_biginsightsn/a
CVE-2015-0162
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7||HIGH
EPSS-0.05% / 15.33%
||
7 Day CHG~0.00%
Published-20 Sep, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_siteprotector_systemn/a
CVE-2020-4264
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.87%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 15:50
Updated-16 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175647.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-i2_analysts_notebookwindowsi2 Analysts Notebook
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-4266
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.87%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 15:50
Updated-16 Sep, 2024 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175649.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-i2_analysts_notebookwindowsi2 Analysts Notebook
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-4549
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.87%
||
7 Day CHG~0.00%
Published-03 Aug, 2020 | 12:35
Updated-16 Sep, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183317.

Action-Not Available
Vendor-IBM Corporation
Product-i2_analysts_notebooki2 Analyst Notebook
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • Next
Details not found