Back to search
CVE-2012-4845
Published: Oct 20, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
IV28715
vendor-advisory
x_refsource_AIXAPAR
IV23331
vendor-advisory
x_refsource_AIXAPAR
http://aix.software.ibm.com/aix/efixes/security/ftp_advisory1.asc
x_refsource_CONFIRM
oval:org.mitre.oval:def:19695
vdb-entry
signature
x_refsource_OVAL
IV28785
vendor-advisory
x_refsource_AIXAPAR
IV28787
vendor-advisory
x_refsource_AIXAPAR
56134
vdb-entry
x_refsource_BID
aix-ftp-setuid(79279)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now