Lucene search
MitreCVE-2004-1054HistoryJan 10, 2005 - 5:00 a.m.
CVE-2004-1054
2005-01-1005:00:00
mitre
web.nvd.nist.gov
29
ibm aix
vulnerability
invscout
untrusted execution
path environment variable
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.4
Confidence
High
EPSS
0
Percentile
0.4%
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious “uname” program, which is executed from lsvpd after lsvpd has been invoked by invscout.
Affected configurations
Node
ibmaixMatch5.1
ORibmaixMatch5.1l
ORibmaixMatch5.2
ORibmaixMatch5.2.2
ORibmaixMatch5.2_l
ORibmaixMatch5.3
ORibmaixMatch5.3_l
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | aix | 5.1 | cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:* |
| ibm | aix | 5.1l | cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:* |
| ibm | aix | 5.2 | cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:* |
| ibm | aix | 5.2.2 | cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:* |
| ibm | aix | 5.2_l | cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:* |
| ibm | aix | 5.3 | cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:* |
| ibm | aix | 5.3_l | cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2004-1054
2004-12-22 05:00:00
packetstorm
packetstorm
getr00t.sh
2005-03-25 00:00:00
exploitdb
exploitdb
AIX 4.3/5.1 < 5.3 - 'lsmcode' Execution Privilege Escalation
2004-12-21 00:00:00
AIX 5.3.0 - 'invscout' Local Command Execution
2005-03-25 00:00:00
nvd
nvd
CVE-2004-1054
2005-01-10 05:00:00
securityvulns
securityvulns
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.4
Confidence
High
EPSS
0
Percentile
0.4%
Related for CVE-2004-1054