Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.2
CVE Id CVE-2004-1329
Last Modified 05 Sep 2008 04:41:00
Published 20 Dec 2004 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1329

Summary

Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.

Vulnerable Systems

Operating System

  • IBM AIX 5.1

  • IBM AIX 5.1l

  • IBM AIX 5.2

  • IBM AIX 5.2 L

  • IBM AIX 5.2.2

  • IBM AIX 5.3

  • IBM AIX 5.3 L


References

XF - aix-diagnostics-gain-privileges(18620)

BID - 12041

AIXAPAR - IY64389

AIXAPAR - IY64277

BUGTRAQ - 20041220 AIX 5.1/5.2/5.3 local root exploits

BUGTRAQ - 20070402 Re: AIX 4.3 lsmcode local root command execution

BUGTRAQ - 20070330 AIX 4.3 lsmcode local root command execution

MILW0RM - 701


Last Updated: 27 May 2016 10:38:59