CVE-2009-1786

Published: 26/05/2009 Updated: 29/09/2017
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 695
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.

Vulnerable Product

IBM AIX 5.3

IBM AIX 6.1

Exploits

source: www.securityfocus.com/bid/35038/info. The Webshield feature of Kingsoft Internet Security 9 is prone to a remote cross-site scripting and command-execution vulnerability. Remote attackers may exploit this vulnerability to compromise an affected computer. This issue affects WebShield 11062 and prior versions. wwwexample ...

This exploit takes advantage of known issues with debugging functions within the AIX linker library. It takes advantage of known functionality, and focuses on badly coded SUID binaries which do not adhere to proper security checks prior to seteuid/open/writes ...