ID |
CVE-2004-1329
|
Summary |
Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*
-
cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*
-
cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
-
cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*
-
cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*
-
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
-
cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.2 (as of 19-10-2018 - 15:30) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
refmap
via4
|
aixapar | | bid | 12041 | bugtraq | - 20041220 AIX 5.1/5.2/5.3 local root exploits
- 20070330 AIX 4.3 lsmcode local root command execution
- 20070402 Re: AIX 4.3 lsmcode local root command execution
| exploit-db | 701 | xf | aix-diagnostics-gain-privileges(18620) |
|
Last major update |
19-10-2018 - 15:30 |
Published |
20-12-2004 - 05:00 |
Last modified |
19-10-2018 - 15:30 |