CVE-2010-3405: Buffer Overflow
First published: Thu Sep 16 2010(Updated: )
Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM AIX | =5.3 | |
| IBM AIX | =6.1 | |
| IBM Virtual I/O Server (VIOS) | =2.1 | |
| IBM Virtual I/O Server (VIOS) | =1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.ibm.com/support/docview.wss?uid=isg1IZ84167
- http://www.ibm.com/support/docview.wss?uid=isg1IZ83975
- http://www.securityfocus.com/bid/43207
- http://secunia.com/advisories/41446
- http://www.ibm.com/support/docview.wss?uid=isg1IZ83942
- http://www.vupen.com/english/advisories/2010/2377
- http://www.ibm.com/support/docview.wss?uid=isg1IZ83909
- http://www.ibm.com/support/docview.wss?uid=isg1IZ82630
- http://aix.software.ibm.com/aix/efixes/security/sa_snap_advisory.asc
- http://securitytracker.com/id?1024430
- http://www.ibm.com/support/docview.wss?uid=isg1IZ81819
- http://www.ibm.com/support/docview.wss?uid=isg1IZ82245
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61774
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12214
Frequently Asked Questions
What is the severity of CVE-2010-3405?
CVE-2010-3405 is considered a high severity vulnerability due to its potential to allow local privilege escalation.
How do I fix CVE-2010-3405?
To fix CVE-2010-3405, you should apply the latest security patches provided by IBM for AIX and VIOS.
Who is affected by CVE-2010-3405?
CVE-2010-3405 affects local users of IBM AIX versions 5.3, 6.1 and IBM VIOS versions 1.5, 2.1.
What kind of attack does CVE-2010-3405 enable?
CVE-2010-3405 enables local users to exploit a buffer overflow to gain elevated privileges on the system.
Is CVE-2010-3405 a network vulnerability?
No, CVE-2010-3405 is not a network vulnerability; it requires local access to the system.
- agent/type
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/remedy
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm aix
- version/ibm aix/5.3
- version/ibm aix/6.1
- canonical/ibm virtual i/o server (vios)
- version/ibm virtual i/o server (vios)/2.1
- version/ibm virtual i/o server (vios)/1.5