CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
9.5%
Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries.
ftp://aix.software.ibm.com/aix/efixes/security/README
labs.idefense.com/intelligence/vulnerabilities/display.php?id=571
secunia.com/advisories/26219
www-1.ibm.com/support/docview.wss?uid=isg1IZ01812
www-1.ibm.com/support/docview.wss?uid=isg1IZ01813
www.securityfocus.com/bid/25077
www.securitytracker.com/id?1018465
www.vupen.com/english/advisories/2007/2675
exchange.xforce.ibmcloud.com/vulnerabilities/35627