Stack-based Buffer Overflow in IBM Tivoli Monitoring on Linux and UNIX
CVE-2016-2946

7.8HIGH

Key Information:

Vendor

IBM
Status
Tivoli Monitoring
Vendor
CVE Published:
1 December 2016

What is CVE-2016-2946?

A stack-based buffer overflow vulnerability exists in the ax Shared Libraries within the Agent of IBM Tivoli Monitoring on Linux and UNIX systems. This issue affects specific versions of the software, allowing local users to exploit the vulnerability through unspecified vectors. Successful exploitation may lead to privilege escalation, enabling attackers to execute arbitrary code or gain unauthorized access to sensitive system resources. Users are encouraged to update to the latest versions to mitigate the risk.

References

http://www-01.ibm.com/support/docview.wss?uid=swg1IV85845
vendor-advisoryx_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg21984578
x_refsource_CONFIRM
http://www.securityfocus.com/bid/92389
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-2946 : Stack-based Buffer Overflow in IBM Tivoli Monitoring on Linux and UNIX