AIX Inventory Scout invscoutClient_VPD_Survey Arbitrary File Overwrite

2006-09-26T09:33:51
ID OSVDB:29189
Type osvdb
Reporter OSVDB
Modified 2006-09-26T09:33:51

Description

Vulnerability Description

The vulnerability is caused by an unspecified error in invscoutClient_VPD_Survey when performing a survey of the Vital Product Database. This can be exploited to overwrite the contents of arbitrary files, and may further be exploited to cause a Denial of Service.

A local attacker may be able to exploit this issue to overwrite arbitrary files and corrupt sensitive data, which could lead to privilege-escalation attacks.

Solution Description

Apply the interim fix until APARs are available: ftp://aix.software.ibm.com/aix/efixes/security/invscoutClient_VPD_Survey.tar.Z

References:

Vendor Specific News/Changelog Entry: http://www-1.ibm.com/support/docview.wss?uid=isg1IY88735
Secunia Advisory ID: 22062
CVE-2006-5002
Bugtraq ID: 20199