Vulnerability-Lookup

CVE-2008-0588 (GCVE-0-2008-0588)

Vulnerability from cvelistv5 – Published: 2008-02-05 02:00 – Updated: 2024-08-07 07:54

Summary

Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

9 references

URL	Tags
http://secunia.com/advisories/28609	third-party-advisoryx_refsource_SECUNIA
http://www.ibm.com/support/docview.wss?uid=isg1IZ06488	vendor-advisoryx_refsource_AIXAPAR
http://www.ibm.com/support/docview.wss?uid=isg1IZ06260	vendor-advisoryx_refsource_AIXAPAR
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.ibm.com/support/docview.wss?uid=isg1IZ06620	vendor-advisoryx_refsource_AIXAPAR
http://www14.software.ibm.com/webapp/set2/subscri…	x_refsource_CONFIRM
http://www.securityfocus.com/bid/27430	vdb-entryx_refsource_BID
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://www.vupen.com/english/advisories/2008/0261	vdb-entryx_refsource_VUPEN

Date Public

2008-01-22 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:54:21.828Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28609",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28609"
          },
          {
            "name": "IZ06488",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06488"
          },
          {
            "name": "IZ06260",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06260"
          },
          {
            "name": "aix-utape-bo(39909)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39909"
          },
          {
            "name": "IZ06620",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06620"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4070"
          },
          {
            "name": "27430",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27430"
          },
          {
            "name": "oval:org.mitre.oval:def:5572",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5572"
          },
          {
            "name": "ADV-2008-0261",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0261"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28609",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28609"
        },
        {
          "name": "IZ06488",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06488"
        },
        {
          "name": "IZ06260",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06260"
        },
        {
          "name": "aix-utape-bo(39909)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39909"
        },
        {
          "name": "IZ06620",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06620"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4070"
        },
        {
          "name": "27430",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27430"
        },
        {
          "name": "oval:org.mitre.oval:def:5572",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5572"
        },
        {
          "name": "ADV-2008-0261",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0261"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0588",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28609",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28609"
            },
            {
              "name": "IZ06488",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06488"
            },
            {
              "name": "IZ06260",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06260"
            },
            {
              "name": "aix-utape-bo(39909)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39909"
            },
            {
              "name": "IZ06620",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06620"
            },
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4070",
              "refsource": "CONFIRM",
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4070"
            },
            {
              "name": "27430",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27430"
            },
            {
              "name": "oval:org.mitre.oval:def:5572",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5572"
            },
            {
              "name": "ADV-2008-0261",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0261"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0588",
    "datePublished": "2008-02-05T02:00:00.000Z",
    "dateReserved": "2008-02-04T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:54:21.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2008-0588",
      "date": "2026-05-28",
      "epss": "0.00051",
      "percentile": "0.16062"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17EECCCB-D7D1-439A-9985-8FAE8B44487B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer en el programa utape en devices.scsi.tape.diag de IBM AIX 5.2 y 5.3 permite a usuarios locales conseguir privilegios a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2008-0588",
      "lastModified": "2024-11-21T00:42:27.057",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-02-05T03:00:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/28609\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=isg1IZ06260\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=isg1IZ06488\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=isg1IZ06620\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/27430\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0261\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4070\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39909\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5572\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28609\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=isg1IZ06260\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=isg1IZ06488\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=isg1IZ06620\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/27430\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0261\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4070\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/39909\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5572\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0588\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-02-05T03:00:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer en el programa utape en devices.scsi.tape.diag de IBM AIX 5.2 y 5.3 permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17EECCCB-D7D1-439A-9985-8FAE8B44487B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/28609\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IZ06260\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IZ06488\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IZ06620\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/27430\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0261\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4070\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39909\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5572\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IZ06260\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IZ06488\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=isg1IZ06620\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/27430\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0261\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/39909\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5572\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2008-AVI-038

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans IBM AIX.

Description

Des applications démarrées avec les droits administrateur sont vulnérables à des dépassements de mémoire permettant l'exécution de code arbitraire. Des problèmes des droits en écriture sur des fichiers ont aussi été corrigés.

Solution

Se référer aux bulletins de sécurité d'IBM pour l'obtention des correctifs (cf. section Documentation).

AIX 5.x et 6.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

CERTA-2008-AVI-038

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans IBM AIX.

Description

Solution

Se référer aux bulletins de sécurité d'IBM pour l'obtention des correctifs (cf. section Documentation).

AIX 5.x et 6.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

FKIE_CVE-2008-0588

Vulnerability from fkie_nvd - Published: 2008-02-05 03:00 - Updated: 2026-04-23 00:35

Severity

Summary

Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/28609
cve@mitre.org	http://www.ibm.com/support/docview.wss?uid=isg1IZ06260	Patch
cve@mitre.org	http://www.ibm.com/support/docview.wss?uid=isg1IZ06488	Patch
cve@mitre.org	http://www.ibm.com/support/docview.wss?uid=isg1IZ06620	Patch
cve@mitre.org	http://www.securityfocus.com/bid/27430
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0261
cve@mitre.org	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4070
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/39909
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5572
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28609
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=isg1IZ06260	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=isg1IZ06488	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/support/docview.wss?uid=isg1IZ06620	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27430
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0261
af854a3a-2127-422b-91ae-364da2661108	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4070
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/39909
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5572

Impacted products

	Vendor	Product	Version
	ibm	aix	5.2
	ibm	aix	5.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en el programa utape en devices.scsi.tape.diag de IBM AIX 5.2 y 5.3 permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2008-0588",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-05T03:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28609"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06260"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06488"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06620"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27430"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0261"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4070"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39909"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06620"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5572"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-RV8W-H7CQ-9WG2

Vulnerability from github – Published: 2022-05-01 23:31 – Updated: 2022-05-01 23:31

Details

Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0588"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-02-05T03:00:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.",
  "id": "GHSA-rv8w-h7cq-9wg2",
  "modified": "2022-05-01T23:31:43Z",
  "published": "2022-05-01T23:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0588"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39909"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5572"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28609"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06260"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06488"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06620"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27430"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0261"
    },
    {
      "type": "WEB",
      "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4070"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-0588

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.

Aliases

CVE-2008-0588

Aliases

CVE-2008-0588

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0588",
    "description": "Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.",
    "id": "GSD-2008-0588"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0588"
      ],
      "details": "Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.",
      "id": "GSD-2008-0588",
      "modified": "2023-12-13T01:22:59.175015Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0588",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "28609",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28609"
          },
          {
            "name": "IZ06488",
            "refsource": "AIXAPAR",
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06488"
          },
          {
            "name": "IZ06260",
            "refsource": "AIXAPAR",
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06260"
          },
          {
            "name": "aix-utape-bo(39909)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39909"
          },
          {
            "name": "IZ06620",
            "refsource": "AIXAPAR",
            "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06620"
          },
          {
            "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4070",
            "refsource": "CONFIRM",
            "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4070"
          },
          {
            "name": "27430",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27430"
          },
          {
            "name": "oval:org.mitre.oval:def:5572",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5572"
          },
          {
            "name": "ADV-2008-0261",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0261"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0588"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4070",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=4070"
            },
            {
              "name": "IZ06260",
              "refsource": "AIXAPAR",
              "tags": [
                "Patch"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06260"
            },
            {
              "name": "IZ06488",
              "refsource": "AIXAPAR",
              "tags": [
                "Patch"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06488"
            },
            {
              "name": "IZ06620",
              "refsource": "AIXAPAR",
              "tags": [
                "Patch"
              ],
              "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ06620"
            },
            {
              "name": "28609",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/28609"
            },
            {
              "name": "27430",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/27430"
            },
            {
              "name": "ADV-2008-0261",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0261"
            },
            {
              "name": "aix-utape-bo(39909)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39909"
            },
            {
              "name": "oval:org.mitre.oval:def:5572",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5572"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-29T01:30Z",
      "publishedDate": "2008-02-05T03:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0588 (GCVE-0-2008-0588)

CERTA-2008-AVI-038

Description

Solution

CERTA-2008-AVI-038

Description

Solution

FKIE_CVE-2008-0588

GHSA-RV8W-H7CQ-9WG2

GSD-2008-0588

Tags

Sightings

Nomenclature