Detections
Analytics

CVE-2012-0745

high

Description

The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/74679

http://www.securitytracker.com/id?1027021

http://www.securityfocus.com/bid/53393

http://www.ibm.com/support/docview.wss?uid=isg1IV19098

http://www.ibm.com/support/docview.wss?uid=isg1IV19097

http://www.ibm.com/support/docview.wss?uid=isg1IV19077

http://www.ibm.com/support/docview.wss?uid=isg1IV18638

http://www.ibm.com/support/docview.wss?uid=isg1IV18637

http://www.ibm.com/support/docview.wss?uid=isg1IV18464

http://secunia.com/advisories/49073

http://osvdb.org/81683

http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc

Details

Source: Mitre, NVD

Published: 2012-05-04

Updated: 2017-12-07

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High