CVE-2014-8904

lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
ibmvios
2.2.0.10
ibmvios
2.2.0.11
ibmvios
2.2.0.12
ibmvios
2.2.0.13
ibmvios
2.2.1.0
ibmvios
2.2.1.1
ibmvios
2.2.1.3
ibmvios
2.2.1.4
ibmvios
2.2.1.5
ibmvios
2.2.1.6
ibmvios
2.2.1.7
ibmvios
2.2.1.8
ibmvios
2.2.1.9
ibmvios
2.2.2.0
ibmvios
2.2.2.1
ibmvios
2.2.2.2
ibmvios
2.2.2.3
ibmvios
2.2.2.4
ibmvios
2.2.2.5
ibmvios
2.2.3.0
ibmvios
2.2.3.1
ibmvios
2.2.3.2
ibmvios
2.2.3.3
ibmvios
2.2.3.4
ibmaix
5.3
ibmaix
6.1
ibmaix
7.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc
http://secunia.com/advisories/62195
http://www.ibm.com/support/docview.wss?uid=isg1IV67907
http://www.ibm.com/support/docview.wss?uid=isg1IV67908
http://www.ibm.com/support/docview.wss?uid=isg1IV68070
http://www.ibm.com/support/docview.wss?uid=isg1IV68082
http://www.ibm.com/support/docview.wss?uid=isg1IV68478
http://www.securitytracker.com/id/1031596
https://exchange.xforce.ibmcloud.com/vulnerabilities/99193
https://www.exploit-db.com/exploits/38576/
http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc
http://secunia.com/advisories/62195
http://www.ibm.com/support/docview.wss?uid=isg1IV67907
http://www.ibm.com/support/docview.wss?uid=isg1IV67908
http://www.ibm.com/support/docview.wss?uid=isg1IV68070
http://www.ibm.com/support/docview.wss?uid=isg1IV68082
http://www.ibm.com/support/docview.wss?uid=isg1IV68478
http://www.securitytracker.com/id/1031596
https://exchange.xforce.ibmcloud.com/vulnerabilities/99193
https://www.exploit-db.com/exploits/38576/