CVE-2007-4238

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

08/08/2007

Last modified:

23/04/2026

Description

AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit.

Impact

Vector 2.0

AV:L/AC:M/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 6.90 MEDIUM
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Attack Vector (AV): Local
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

6.90

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:ibm:aix:5.2:::::::*
cpe:2.3:o:ibm:aix:5.3:::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

http://osvdb.org/36782
http://secunia.com/advisories/26219
http://securitytracker.com/id?1018468
http://www-1.ibm.com/support/docview.wss?uid=isg1IY79785
http://www-1.ibm.com/support/docview.wss?uid=isg1IY79786
http://www.vupen.com/english/advisories/2007/2678
http://osvdb.org/36782
http://secunia.com/advisories/26219
http://securitytracker.com/id?1018468
http://www-1.ibm.com/support/docview.wss?uid=isg1IY79785
http://www-1.ibm.com/support/docview.wss?uid=isg1IY79786
http://www.vupen.com/english/advisories/2007/2678