CVE-2012-2200

Current Description

The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.

Basic Data

Published: June 27, 2012
Last Modified: August 29, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-264
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 7.2
Severity: HIGH
Exploitability Score: 3.9
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
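    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | OS | Ibm | Aix | 6.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Aix | 7.1 | * | * | * | * | * | * | * | | | |
    2.3 | OS | Ibm | Vios | 2.2.1.4 | fp-25_sp-02 | * | * | * | * | * | * | | | |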

Vulnerable Software List

Vendor | Product | Versions
Ibm | Vios | 2.2.1.4
Ibm | Aix | 6.1, 7.1

References

Name | Source | URL | Tags
http://aix.software.ibm.com/aix/efixes/security/sendmail1_advisory.asc | CONFIRM | http://aix.software.ibm.com/aix/efixes/security/sendmail1_advisory.asc | Vendor Advisory
IV22963 | AIXAPAR | http://www.ibm.com/support/docview.wss?uid=isg1IV22963 |
IV22964 | AIXAPAR | http://www.ibm.com/support/docview.wss?uid=isg1IV22964 |
IV22965 | AIXAPAR | http://www.ibm.com/support/docview.wss?uid=isg1IV22965 |
IV22966 | AIXAPAR | http://www.ibm.com/support/docview.wss?uid=isg1IV22966 |
1027207 | SECTRACK | http://www.securitytracker.com/id?1027207 |
aix-sendmail-command-execution(76466) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/76466 |