CVE-2001-1080
First published: Tue Jun 19 2001(Updated: )
diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM AIX | =4.3 | |
| IBM AIX | =5.1 |
Remedy
http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2001.225.1/$file/oar225.txt
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-1080?
CVE-2001-1080 is considered to have a high severity level due to its potential to allow local users to gain elevated privileges.
How do I fix CVE-2001-1080?
To mitigate CVE-2001-1080, ensure that the DIAGDATADIR environment variable is not modified by unauthorized users.
What versions of AIX are affected by CVE-2001-1080?
CVE-2001-1080 affects IBM AIX versions 4.3.x and 5.1.
Can the user exploit CVE-2001-1080 remotely?
No, CVE-2001-1080 requires local access to exploit the vulnerability.
What type of attacks can occur due to CVE-2001-1080?
CVE-2001-1080 can lead to privilege escalation attacks through the execution of Trojan horse programs.
- agent/author
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- vendor/ibm
- canonical/ibm aix
- version/ibm aix/4.3
- version/ibm aix/5.1