#VU1022 Privilege escalation in IBM AIX and IBM VIOS - CVE-2016-3053
Published: October 18, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU1022
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-3053
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
IBM AIX
IBM VIOS
Software vendor:
IBM Corporation
Description
The vulnerability allows a local user to obtain elevated privileges.
The vulnerability exists due to an unspecified flaw in lsmcode. A local user can obtain root privileges on the system.
Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges on the vulnerable system.
Remediation
Install the fixed versions:
http://aix.software.ibm.com/aix/efixes/security/lsmcode_fix2.tar