CVE-2004-1054

Properties

Published:
09.01.2005
Updated:
20.10.2005
Patch available:
Severity:
High
CVSS vector:
(AV:L/AC:L/Au:NR/C:C/I:C/A:C/B:N) Approximated
Product:
IBM: AIX
IBM: AIX
IBM: AIX
IBM: AIX
IBM: AIX
IBM: AIX
IBM: AIX

Vulnerability description

Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious"uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.

References:

Security Focus: http://www.securityfocus.com/bid/12061
iDefense: http://www.idefense.com/application/poi/display?id=171&type=vulnerabilities
IDEFENSE: http://www.idefense.com/application/poi/display?id=171&type=vulnerabilities
AIXAPAR: http://www-1.ibm.com/support/search.wss?rs=0&q=IY64852&apar=only
AIXAPAR: http://www-1.ibm.com/support/search.wss?rs=0&q=IY64976&apar=only
AIXAPAR: http://www-1.ibm.com/support/search.wss?rs=0&q=IY64820&apar=only
XF: http://xforce.iss.net/xforce/xfdb/18619