ID CVE-2007-4622
Summary Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig.
References
Vulnerable Configurations
  • cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 29-07-2017 - 01:33)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
aixapar IZ05017
bid 26262
confirm ftp://aix.software.ibm.com/aix/efixes/security/dig_ifix.tar
idefense 20071030 IBM AIX dig dns_name_fromtext Integer Underflow Vulnerability
sectrack 1018871
secunia 27437
vupen ADV-2007-3669
xf aix-dig-dnsnamefromtext-integer-underflow(38169)
Last major update 29-07-2017 - 01:33
Published 05-11-2007 - 16:46
Last modified 29-07-2017 - 01:33
Back to Top