Back to search
CVE-2014-3074
Published: Jul 2, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
68296
vdb-entry
x_refsource_BID
20140708 CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX
mailing-list
x_refsource_BUGTRAQ
IV60940
vendor-advisory
x_refsource_AIXAPAR
20140708 CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX
mailing-list
x_refsource_FULLDISC
1030504
vdb-entry
x_refsource_SECTRACK
http://aix.software.ibm.com/aix/efixes/security/malloc_advisory.asc
x_refsource_CONFIRM
IV61311
vendor-advisory
x_refsource_AIXAPAR
ibm-aix-cve20143074-priv-escalation(93816)
vdb-entry
x_refsource_XF
IV60935
vendor-advisory
x_refsource_AIXAPAR
IV61315
vendor-advisory
x_refsource_AIXAPAR
59344
third-party-advisory
x_refsource_SECUNIA
IV61313
vendor-advisory
x_refsource_AIXAPAR
IV61314
vendor-advisory
x_refsource_AIXAPAR
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now