Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.0
CVE Id CVE-2011-1384
Last Modified 04 Jan 2012 12:00:00
Published 03 Jan 2012 10:55:04
Confidentiality Impact NONE
Integrity Impact COMPLETE
Availability Impact NONE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2011-1384

Summary

The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.

Vulnerable Systems

Application

  • IBM invscout.rte 2.2.0.10
  • IBM invscout.rte 2.2.0.11
  • IBM invscout.rte 2.2.0.12
  • IBM invscout.rte 2.2.0.13
  • IBM invscout.rte 2.2.0.14
  • IBM invscout.rte 2.2.0.15
  • IBM invscout.rte 2.2.0.17
  • IBM invscout.rte 2.2.0.18
  • IBM invscout.rte 2.2.0.2
  • IBM invscout.rte 2.2.0.4
  • IBM invscout.rte 2.2.0.7
  • IBM invscout.rte 2.2.0.8
  • IBM invscout.rte 2.2.0.9


References

XF - aix-scout-symlink(71615)

BID - 51083

BID - 51059

AIXAPAR - IV11643

SECUNIA - 47222

CONFIRM - http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc

Related Patches

IBM AIX APAR IV11643: 5.3: POTENTIAL SECURITY ISSUE

IBM AIX APAR IV11643: 6.1: POTENTIAL SECURITY ISSUE


Last Updated: 27 May 2016 10:57:18