Vulnerability Description
The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Aix | 5.3 |
| Ibm | Vios | 2.1.0.10 |
Related Weaknesses (CWE)
References
- http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.ascVendor Advisory
- http://osvdb.org/81683
- http://secunia.com/advisories/49073
- http://www.ibm.com/support/docview.wss?uid=isg1IV18464Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IV18637Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IV18638Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IV19077Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IV19097Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=isg1IV19098Vendor Advisory
- http://www.securityfocus.com/bid/53393
- http://www.securitytracker.com/id?1027021
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74679
- http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.ascVendor Advisory
- http://osvdb.org/81683
- http://secunia.com/advisories/49073
FAQ
What is CVE-2012-0745?
CVE-2012-0745 is a vulnerability with a CVSS score of 7.2 (HIGH). The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges ...
How severe is CVE-2012-0745?
CVE-2012-0745 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0745?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Aix, Ibm Vios.