[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2004-1329Date: (C)2004-12-20   (M)2023-12-22


Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-12041
http://marc.info/?l=bugtraq&m=110355931920123&w=2
http://www.securityfocus.com/archive/1/464276/100/0/threaded
http://www.securityfocus.com/archive/1/464481/100/0/threaded
EXPLOIT-DB-701
IY64277
IY64389
aix-diagnostics-gain-privileges(18620)

CPE    7
cpe:/o:ibm:aix:5.2.2
cpe:/o:ibm:aix:5.1l
cpe:/o:ibm:aix:5.3
cpe:/o:ibm:aix:5.2
...

© SecPod Technologies