IBM AIX lquerylv Local Privilege Escalation Vulnerability | [CVE-2016-6079]

Vulnerability Details

CVSS Rating: 7.8 (high)

CVE-2016-6079

Disclosing Company: Rhino Security Labs

Date: 02/15/2017

Status: Published

Affected software/version:
IBM AIX 5.3, 6.1, 7.1, and 7.2

Disclosure

Rhino Security Labs References

Blog Post: "UNIX NOSTALGIA: HUNTING FOR ZERODAY VULNERABILITIES ON IBM AIX"

GitHub: AIX lquerylv Local Root Exploit

IBM: Vulnerability in lquerylv in LVM impacts AIX

MITRE

NIST

Disclosure Date

02/15/2017

Vulnerability Description

The 'lquerylv' binary contained a regression issue which circumvented fixes for CVE-2016-6079, which was a Local Privilege Escalation (LPE) vulnerability in AIX's malloc implementation. The vulnerability allows a non-privileged user to escalate to superuser (root) privileges.

Related Disclosures

IBM AIX lmscode Local Privilege Escalation Vulnerability
[CVE-2016-3053]

IBM AIX Bellmail Privilege Escalation Vulnerability
[CVE-2016-8972]

CVSS Metrics

CVSS Rating (version 3.0)

7.8 (High)

Impact Score

Exploitability Score

5.9

1.8

Attack Vector

Local Privilege Escalation

Attack Complexity (AC)Low Privileges Required (PR)Low User Interaction (UI)None Scope (S)Unchanged

Confidentiality (C)High Integrity (I)High Availability (A)High

IBM AIX lquerylv Local Privilege Escalation Vulnerability[CVE-2016-6079]