PT-2012-3876 · IBM · AIX+2
Published: 2012-06-27 · Updated: 2021-08-31 · CVE-2012-2200
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
sendmail in IBM AIX versions 6.1 through 7.1
sendmail in VIOS version 2.2.1.4-FP-25 SP-02
Description
The default configuration of sendmail allows local users to gain privileges by entering a command in a .forward file in a home directory.
Recommendations
For sendmail in IBM AIX versions 6.1 through 7.1, consider restricting access to the .forward file to prevent local users from gaining privileges.
For sendmail in VIOS version 2.2.1.4-FP-25 SP-02, consider restricting access to the .forward file to prevent local users from gaining privileges.
As a temporary workaround, consider disabling the use of .forward files in home directories until a patch is available.
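An added audit sketch to support the recommendations above (not code from IBM or from this advisory): it lists .forward entries that hand mail to a program and .forward files writable by group or others. It assumes one home directory per subdirectory of the root passed in, and the usual sendmail convention that a program entry begins with `|`, optionally inside double quotes; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit .forward files under a home-directory root.
# Usage: sh audit_forward.sh /home
# Assumption: homes are laid out as <root>/<user>/.forward.

# Print "PROGRAM <file>: <entry>" for each entry that delivers to a program.
forward_program_entries() {
    fwd_file=$1
    # Entries are separated by commas or newlines. Splitting on every comma
    # may cut a quoted command short, but its leading part is still reported.
    tr ',' '\n' < "$fwd_file" |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    while IFS= read -r entry || [ -n "$entry" ]; do
        case $entry in
            '|'* | '"|'*) printf 'PROGRAM %s: %s\n' "$fwd_file" "$entry" ;;
        esac
    done
}

# Report program-delivery entries and loosely protected .forward files.
audit_forward() {
    home_root=$1
    for candidate in "$home_root"/*/.forward; do
        [ -f "$candidate" ] || continue
        forward_program_entries "$candidate"
    done
    # A .forward that group or others can write lets another account
    # change where (and to what) that user's mail is delivered.
    find "$home_root" -name .forward -type f \
        \( -perm -020 -o -perm -002 \) -print |
    sed 's/^/WRITABLE /'
}

if [ "$#" -gt 0 ]; then
    audit_forward "$1"
fi
```

Address-only .forward files produce no output, so any line printed is something to review against the accounts that are expected to pipe mail to a program.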
Fix
Weakness Enumeration
Related Identifiers
Affected Products
AIX
VIOS
Sendmail