CVE-2009-2669
Published: Aug 5, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| IZ54593 | vendor-advisory | x_refsource_AIXAPAR |
| IZ56204 | vendor-advisory | x_refsource_AIXAPAR |
| 36156 | third-party-advisory | x_refsource_SECUNIA |
| http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc | | x_refsource_CONFIRM |
| IZ56203 | vendor-advisory | x_refsource_AIXAPAR |
| IZ54090 | vendor-advisory | x_refsource_AIXAPAR |
| IZ54091 | vendor-advisory | x_refsource_AIXAPAR |
| 35934 | vdb-entry | x_refsource_BID |
| IZ56205 | vendor-advisory | x_refsource_AIXAPAR |
| ADV-2009-2151 | vdb-entry | x_refsource_VUPEN |
| 20090804 IBM AIX libC _LIB_INIT_DBG Arbitrary File Creation Vulnerability | third-party-advisory | x_refsource_IDEFENSE |
| IZ56206 | vendor-advisory | x_refsource_AIXAPAR |