IBM AIX 6.1/7.1 Runtime Linker malloc MALLOCOPTIONS/MALLOCBUCKETS access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.6 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in IBM AIX 6.1/7.1. The affected element is the function malloc of the component Runtime Linker. Performing a manipulation of the argument MALLOCOPTIONS/MALLOCBUCKETS as part of Environment Variable results in access control.
This vulnerability was named CVE-2014-3074. In addition, an exploit is available.
To fix this issue, it is recommended to deploy a patch.
Details
A vulnerability, which was classified as critical, was found in IBM AIX 6.1/7.1 (Operating System). This affects the function malloc of the component Runtime Linker. The manipulation of the argument MALLOCOPTIONS/MALLOCBUCKETS as part of a Environment Variable leads to a access control vulnerability. CWE is classifying the issue as CWE-264. This is going to have an impact on confidentiality, integrity, and availability.
The issue has been introduced in 11/09/2007. The weakness was presented 07/01/2014 by Tim Brown (Portcullis) with Portcullis Computer Security Ltd. as AIX Malloc vulnerability as confirmed advisory (Website). It is possible to read the advisory at aix.software.ibm.com. This vulnerability is uniquely identified as CVE-2014-3074 since 04/29/2014. The exploitability is told to be easy. Attacking locally is a requirement. No form of authentication is needed for exploitation. Technical details and a public exploit are known. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.
A public exploit has been developed by Hector X. Monsegur and been published 3 years after the advisory. The exploit is shared for download at exploit-db.com. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 2426 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 77261 (AIX 6.1 TL 7 : malloc (IV62802)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family AIX Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 122216 (IBM AIX Malloc Privilege Escalation Vulnerability).
Applying a patch is able to eliminate this problem.
The vulnerability is also documented in the databases at X-Force (93816), Exploit-DB (40710), Tenable (77261), SecurityFocus (BID 68296†) and Secunia (SA59344†). See VDB-48311 and VDB-93536 for similar entries. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.ibm.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.4VulDB Meta Temp Score: 7.6
VulDB Base Score: 8.4
VulDB Temp Score: 7.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: Hector X. Monsegur
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 77261
Nessus Name: AIX 6.1 TL 7 : malloc (IV62802)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Timeline
11/09/2007 🔍04/29/2014 🔍
06/30/2014 🔍
06/30/2014 🔍
07/01/2014 🔍
07/01/2014 🔍
07/02/2014 🔍
07/02/2014 🔍
07/03/2014 🔍
07/10/2014 🔍
08/20/2014 🔍
11/04/2016 🔍
11/04/2016 🔍
12/17/2024 🔍
Sources
Vendor: ibm.comAdvisory: AIX Malloc vulnerability
Researcher: Tim Brown (Portcullis)
Organization: Portcullis Computer Security Ltd.
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2014-3074 (🔍)
GCVE (CVE): GCVE-0-2014-3074
GCVE (VulDB): GCVE-100-66963
OVAL: 🔍
X-Force: 93816
SecurityFocus: 68296 - IBM AIX CVE-2014-3074 Temporary File Creation Vulnerability
Secunia: 59344 - IBM AIX / Virtual I/O Server Runtime Linker Privilege Escalation Vulnerability, Less Critical
SecurityTracker: 1030504 - IBM AIX Lets Local Users Gain Elevated Privileges
Vulnerability Center: 45232 - IBM AIX 6.1 and 7.1 Local Privelege Escalation in Runtime Linker, High
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 07/03/2014 11:23Updated: 12/17/2024 10:45
Changes: 07/03/2014 11:23 (82), 06/01/2017 04:41 (15), 02/08/2022 08:59 (3), 02/08/2022 09:04 (1), 12/17/2024 10:45 (16)
Complete: 🔍
Cache ID: 216:69F:103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.