AIX cmdlvm vulnerability
Written by Michael Felt   

CVE Details: http://www.cvedetails.com/cve/CVE-2014-8904/

IBM ASCII announcement: http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc

 
===============================================================================
VULNERABILITY SUMMARY
VULNERABILITY:      AIX cmdlvm vulnerability
PLATFORMS:          AIX 5.3, 6.1 and 7.1 releases
                    VIOS 2.2.*
SOLUTION:           Apply the fix as described below
THREAT:             An attacker could gain elevated privileges
CVE Number:         CVE-2014-8904 CVSS=7.2
Reboot required?    NO 
Workarounds?        NO
Protected by FPM?   NO
Protected by SED?   NO
===============================================================================
DETAILED INFORMATION
I. DESCRIPTION
Running the lquerylv command with the variable DBGCMD_LQUERYLV set may allow
a local user to gain root privileges.
 