Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2697

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2004-2697
Last Modified 05 Sep 2008 12:00:00
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2697

Summary

The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002.

Vulnerable Systems

Operating System

  • Ibm Aix 4.3.3

  • Ibm Aix 5.1

  • Ibm Aix 5.1l


References

XF - aix-invscoutd-gain-privileges(15620)

MISC - http://www.xfocus.org/exploits/200403/31.html

BID - 9982

MISC - http://www.securiteam.com/exploits/5CP0F0UDFG.html

OSVDB - 4582

SECUNIA - 11200


Last Updated: 27 May 2016 10:39:35