CVE-2008-1599
First published: Mon Mar 31 2008(Updated: )
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM AIX | =5.3 | |
| IBM AIX | =5.2 | |
| IBM AIX | =6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4156
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4157
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4158
- http://www.ibm.com/support/docview.wss?uid=isg1IZ16975
- http://www.ibm.com/support/docview.wss?uid=isg1IZ16991
- http://www.ibm.com/support/docview.wss?uid=isg1IZ17058
- http://www.ibm.com/support/docview.wss?uid=isg1IZ17059
- http://securitytracker.com/id?1019604
- http://www.vupen.com/english/advisories/2008/0865
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5468
Frequently Asked Questions
What is the severity of CVE-2008-1599?
CVE-2008-1599 has a medium severity rating, indicating a potential for local privilege escalation.
How do I fix CVE-2008-1599?
To fix CVE-2008-1599, update your IBM AIX system to the latest version that addresses this vulnerability.
Which versions of IBM AIX are affected by CVE-2008-1599?
CVE-2008-1599 affects IBM AIX versions 5.2, 5.3, and 6.1.
What types of programs are involved in CVE-2008-1599?
The programs involved in CVE-2008-1599 include atmstat, entstat, fddistat, hdlcstat, and tokstat.
Can local users exploit CVE-2008-1599?
Yes, local users can gain elevated privileges on systems affected by CVE-2008-1599 through improper handling of environment variables.
- agent/references
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm aix
- version/ibm aix/5.3
- version/ibm aix/5.2
- version/ibm aix/6.1