NVD Vulnerability Detail

CVE-2012-0745

Summary	The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.
Publication Date	May 5, 2012, 1:55 a.m.
Registration Date	Jan. 28, 2021, 2:54 p.m.
Last Update	Nov. 21, 2024, 10:35 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc	Vendor Advisory
2	http://osvdb.org/81683
3	http://secunia.com/advisories/49073
4	http://www.ibm.com/support/docview.wss?uid=isg1IV18464	Vendor Advisory
5	http://www.ibm.com/support/docview.wss?uid=isg1IV18637	Vendor Advisory
6	http://www.ibm.com/support/docview.wss?uid=isg1IV18638	Vendor Advisory
7	http://www.ibm.com/support/docview.wss?uid=isg1IV19077	Vendor Advisory
8	http://www.ibm.com/support/docview.wss?uid=isg1IV19097	Vendor Advisory
9	http://www.ibm.com/support/docview.wss?uid=isg1IV19098	Vendor Advisory
10	http://www.securityfocus.com/bid/53393
11	http://www.securitytracker.com/id?1027021
12	https://exchange.xforce.ibmcloud.com/vulnerabilities/74679
13	http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc	Vendor Advisory
14	https://exchange.xforce.ibmcloud.com/vulnerabilities/74679
15	http://www.securitytracker.com/id?1027021
16	http://www.securityfocus.com/bid/53393
17	http://www.ibm.com/support/docview.wss?uid=isg1IV19098	Vendor Advisory
18	http://www.ibm.com/support/docview.wss?uid=isg1IV19097	Vendor Advisory
19	http://www.ibm.com/support/docview.wss?uid=isg1IV19077	Vendor Advisory
20	http://www.ibm.com/support/docview.wss?uid=isg1IV18638	Vendor Advisory
21	http://www.ibm.com/support/docview.wss?uid=isg1IV18637	Vendor Advisory
22	http://www.ibm.com/support/docview.wss?uid=isg1IV18464	Vendor Advisory
23	http://secunia.com/advisories/49073
24	http://osvdb.org/81683

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

IBM AIX および VIOS における権限を取得される脆弱性

Title	IBM AIX および VIOS における権限を取得される脆弱性
Summary	IBM AIX および VIOS の getpwnam 関数は、顧客が拡張した (customer-extended) LDAP ユーザフィルタリングを適切に処理しないため、権限を取得される脆弱性が存在します。
Possible impacts	ローカルユーザにより、権限を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 5, 2012, midnight
Registration Date	May 8, 2012, 3:23 p.m.
Last Update	May 8, 2012, 3:23 p.m.

Affected System

IBM

IBM AIX 5.3

IBM AIX 6.1

IBM AIX 7.1

IBM VIOS 2.1.0.10 から 2.2.1.3

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-0745	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0745
National Vulnerability Database (NVD)
2	CVE-2012-0745	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0745

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
IBM SECURITY ADVISORY
1	Vulnerability in LDAP Authentication	http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc
IBM Support Document
2	IV18464	http://www-01.ibm.com/support/docview.wss?uid=isg1IV18464
3	IV18637	http://www-01.ibm.com/support/docview.wss?uid=isg1IV18637
4	IV18638	http://www-01.ibm.com/support/docview.wss?uid=isg1IV18638
5	IV19077	http://www-01.ibm.com/support/docview.wss?uid=isg1IV19077
6	IV19097	http://www-01.ibm.com/support/docview.wss?uid=isg1IV19097
7	IV19098	http://www-01.ibm.com/support/docview.wss?uid=isg1IV19098

Change Log

No	Changed Details	Date of change
0	[2012年05月08日] 掲載	Feb. 17, 2018, 10:37 a.m.