What is the "crafted DBGCMD_LQUERYLV" in CVE-2014-8904

Asked Jan 16 '15 at 19:01

Active Apr 14 '15 at 19:30

Viewed 503 times

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8904

lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.

But it doesn't explains what is the content of the DBGCMD_LQUERYLV variable.

$ DBGCMD_LQUERYLV="touch testfile"
$ echo "$DBGCMD_LQUERYLV"
touch testfile
$ /usr/sbin/lquerylv -L `getlvodm -l hd3` -r >/dev/null
$ ls -la testfile
testfile not found
$ oslevel -s
6100-08-03-1339
$ lslpp -L bos.rte.lvm
  Fileset                      Level  State  Type  Description (Uninstaller)
  ----------------------------------------------------------------------------
  bos.rte.lvm               6.1.8.16    C     F    Logical Volume Manager

Question: What is the "crafted DBGCMD_LQUERYLV" in CVE-2014-8904 ?

asked Jan 16 '15 at 19:01

whoisthesomeone

There isn't enough data in the CVE to determine that. It looks like IBM wanted to not disclose that detail in its information. – schroeder Jan 16 '15 at 19:44

What is the "crafted DBGCMD_LQUERYLV" in CVE-2014-8904

0 Answers0