IBM AIX Bellmail Privilege Escalation Vulnerability | [CVE-2016-8972]

Vulnerability Details

CVSS Rating: 7.8 (high)

CVE-2016-8972

Disclosing Company: Rhino Security Labs

Date: 02/15/2017

Status: Published

Affected software/version:
IBM AIX 6.1, 7.1, and 7.2

Disclosure

Rhino Security Labs References

Blog Post: "AIX Bug Hunting Part 2 – Bellmail Privilege Escalation"

GitHub: IBM AIX Bellmail Local Root Exploit

IBM: "Vulnerability in Bellmail Affects AIX"

MITRE

NIST

Disclosure Date

02/15/2017

Vulnerability Description

Bellmail contained a vulnerability which allowed non-privileged users to escalate privileges through the email archiving functions 's' and 'w'. Due to lax access controls, attackers would be able to overwrite, or create, privileged files on the filesystem.

Related Disclosures

IBM AIX lmscode Local Privilege Escalation Vulnerability
[CVE-2016-3053]

IBM AIX lquerylv Local Privilege Escalation Vulnerability
[CVE-2016-6079]

CVSS Metrics

CVSS Rating (version 3.0)

7.8 (High)

Impact Score

Exploitability Score

5.9

1.8

Attack Vector

Local Privilege Escalation

Attack Complexity (AC)Low Privileges Required (PR)Low User Interaction (UI)None Scope (S)Unchanged

Confidentiality (C)High Integrity (I)High Availability (A)High

IBM AIX Bellmail Privilege Escalation Vulnerability[CVE-2016-8972]