Lucene search

MitreCVE-2011-1384

HistoryJan 04, 2012 - 3:55 a.m.

CVE-2011-1384

2012-01-0403:55:04

CWE-59

mitre

web.nvd.nist.gov

ibm aix

invscout.rte

symlink attack

cve-2011-1384

nvd

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:C/A:N

AI Score

6.4

Confidence

Low

EPSS

Percentile

5.1%

JSON

The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.

Affected configurations

Nvd

Node

ibminvscout.rteRange≤2.2.0.18

ibminvscout.rteMatch2.2.0.2

ibminvscout.rteMatch2.2.0.4

ibminvscout.rteMatch2.2.0.7

ibminvscout.rteMatch2.2.0.8

ibminvscout.rteMatch2.2.0.9

ibminvscout.rteMatch2.2.0.10

ibminvscout.rteMatch2.2.0.11

ibminvscout.rteMatch2.2.0.12

ibminvscout.rteMatch2.2.0.13

ibminvscout.rteMatch2.2.0.14

ibminvscout.rteMatch2.2.0.15

ibminvscout.rteMatch2.2.0.17

AND

ibmaixRange≤7.1

ibmaixMatch5.3

ibmaixMatch6.1

VendorProductVersionCPE
ibminvscout.rte*cpe:2.3:a:ibm:invscout.rte:*:*:*:*:*:*:*:*
ibminvscout.rte2.2.0.2cpe:2.3:a:ibm:invscout.rte:2.2.0.2:*:*:*:*:*:*:*
ibminvscout.rte2.2.0.4cpe:2.3:a:ibm:invscout.rte:2.2.0.4:*:*:*:*:*:*:*
ibminvscout.rte2.2.0.7cpe:2.3:a:ibm:invscout.rte:2.2.0.7:*:*:*:*:*:*:*
ibminvscout.rte2.2.0.8cpe:2.3:a:ibm:invscout.rte:2.2.0.8:*:*:*:*:*:*:*
ibminvscout.rte2.2.0.9cpe:2.3:a:ibm:invscout.rte:2.2.0.9:*:*:*:*:*:*:*
ibminvscout.rte2.2.0.10cpe:2.3:a:ibm:invscout.rte:2.2.0.10:*:*:*:*:*:*:*
ibminvscout.rte2.2.0.11cpe:2.3:a:ibm:invscout.rte:2.2.0.11:*:*:*:*:*:*:*
ibminvscout.rte2.2.0.12cpe:2.3:a:ibm:invscout.rte:2.2.0.12:*:*:*:*:*:*:*
ibminvscout.rte2.2.0.13cpe:2.3:a:ibm:invscout.rte:2.2.0.13:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	invscout.rte	*	cpe:2.3:a:ibm:invscout.rte::::::::
ibm	invscout.rte	2.2.0.2	cpe:2.3:a:ibm:invscout.rte:2.2.0.2:::::::*
ibm	invscout.rte	2.2.0.4	cpe:2.3:a:ibm:invscout.rte:2.2.0.4:::::::*
ibm	invscout.rte	2.2.0.7	cpe:2.3:a:ibm:invscout.rte:2.2.0.7:::::::*
ibm	invscout.rte	2.2.0.8	cpe:2.3:a:ibm:invscout.rte:2.2.0.8:::::::*
ibm	invscout.rte	2.2.0.9	cpe:2.3:a:ibm:invscout.rte:2.2.0.9:::::::*
ibm	invscout.rte	2.2.0.10	cpe:2.3:a:ibm:invscout.rte:2.2.0.10:::::::*
ibm	invscout.rte	2.2.0.11	cpe:2.3:a:ibm:invscout.rte:2.2.0.11:::::::*
ibm	invscout.rte	2.2.0.12	cpe:2.3:a:ibm:invscout.rte:2.2.0.12:::::::*
ibm	invscout.rte	2.2.0.13	cpe:2.3:a:ibm:invscout.rte:2.2.0.13:::::::*

Rows per page:

1-10 of 161

References

aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc

secunia.com/advisories/47222

www-01.ibm.com/support/docview.wss?uid=isg1IV11643

www.securityfocus.com/bid/51059

www.securityfocus.com/bid/51083

exchange.xforce.ibmcloud.com/vulnerabilities/71615

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:C/A:N

AI Score

6.4

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2011-1384