fkie_cve-2011-1384
Vulnerability from fkie_nvd
Published
2012-01-04 03:55
Modified
2025-04-11 00:51
Severity ?
Summary
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.
References
cve@mitre.orghttp://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.ascVendor Advisory
cve@mitre.orghttp://secunia.com/advisories/47222Vendor Advisory
cve@mitre.orghttp://www-01.ibm.com/support/docview.wss?uid=isg1IV11643
cve@mitre.orghttp://www.securityfocus.com/bid/51059
cve@mitre.orghttp://www.securityfocus.com/bid/51083
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/71615
af854a3a-2127-422b-91ae-364da2661108http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.ascVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47222Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/51059
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/51083
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/71615
Impacted products
Vendor Product Version
ibm invscout.rte *
ibm invscout.rte 2.2.0.2
ibm invscout.rte 2.2.0.4
ibm invscout.rte 2.2.0.7
ibm invscout.rte 2.2.0.8
ibm invscout.rte 2.2.0.9
ibm invscout.rte 2.2.0.10
ibm invscout.rte 2.2.0.11
ibm invscout.rte 2.2.0.12
ibm invscout.rte 2.2.0.13
ibm invscout.rte 2.2.0.14
ibm invscout.rte 2.2.0.15
ibm invscout.rte 2.2.0.17
ibm aix *
ibm aix 5.3
ibm aix 6.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D9F1AD-E4F6-4CDB-8251-280AB3A24AA6",
              "versionEndIncluding": "2.2.0.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "917F5D86-1940-4791-A001-9E50B0F25EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "523443DB-1392-446E-A849-725BB243FE62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A6D2B7-8A8A-45A7-AFB6-7B4E6BA678E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C6BB23F-C9D7-46D9-B9B5-34246B35A11A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "373D8BF9-B715-44C3-9470-F1D0D423D896",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B0104F-2901-4A2A-A40D-087181F57A8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BDA4AAF-6758-407A-BB95-F915D7BF1DD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B63444E2-2119-45C9-BDB2-A1FB403EE5D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0932F7A5-A1C1-433D-9885-F4EAD43F46AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6667E9B-0738-4715-83EC-A37D962E6A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E29DE445-5ECE-4B2C-BE6C-5E2D8D33593F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE45686C-FE4B-42AE-ACDB-6FDF0D3819A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF7BE3C-BC19-4762-9C74-0AF58258A98D",
              "versionEndIncluding": "7.1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file."
    },
    {
      "lang": "es",
      "value": "El programa (1) bin/invscoutClient_VPD_Survey y (2) sbin/invscout_lsvpd en invscout.rte antes de v2.2.0.19 en IBM AIX v7.1, v6.1, v5.3, y anteriores, permite a usuarios locales borrar archivos de su elecci\u00f3n o lanzar las operaciones de exploraci\u00f3n de inventario en archivos de su elecci\u00f3n, a trav\u00e9s de un ataque de enlace simb\u00f3lico en un archivo no especificado."
    }
  ],
  "id": "CVE-2011-1384",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:N/C:N/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-04T03:55:04.567",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47222"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/51059"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/51083"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71615"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.