Vulnerability Description
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | AIX | 6.1 |
| IBM | VIOS | 2.2.2.2 |
Related Weaknesses (CWE)
References
- http://aix.software.ibm.com/aix/efixes/security/tftp_advisory.asc (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IV40221 (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IV42700 (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IV42932 (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IV42933 (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IV42934 (Vendor Advisory)
- http://www.ibm.com/support/docview.wss?uid=isg1IV42935 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85366
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2013-3005?
CVE-2013-3005 is a vulnerability with a CVSS score of 8.5 (HIGH). The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbi...
How severe is CVE-2013-3005?
CVE-2013-3005 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-3005?
Check the references section above for vendor advisories and patch information. Affected products include: IBM AIX, IBM VIOS.