Privilege escalation in IBM AIX and IBM VIOS - CVE-2016-3053
Published: October 18, 2016 / Updated: September 14, 2018
Vulnerability identifier: #VU1022
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2016-3053
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: Public exploit is available
Vendor: IBM Corporation
Affected software:
IBM AIX
IBM VIOS
Detailed vulnerability description
The vulnerability allows a local user to obtain elevated privileges.
The vulnerability exists due to an unspecified flaw in lsmcode. A local user can obtain root privileges on the system.
Successful exploitation of this vulnerability will allow the local attacker to obtain elevated privileges on the vulnerable system.
How to mitigate CVE-2016-3053
Update to the fixed versions:
http://aix.software.ibm.com/aix/efixes/security/lsmcode_fix2.tar