Design/Logic Flaw

2012-01-0403:55:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.

CPENameOperatorVersion
invscout.rtele2.2.0.18
invscout.rteeq2.2.0.2
invscout.rteeq2.2.0.4
invscout.rteeq2.2.0.7
invscout.rteeq2.2.0.8
invscout.rteeq2.2.0.9
invscout.rteeq2.2.0.10
invscout.rteeq2.2.0.11
invscout.rteeq2.2.0.12
invscout.rteeq2.2.0.13

Name	Operator	Version
invscout.rte	le	2.2.0.18
invscout.rte	eq	2.2.0.2
invscout.rte	eq	2.2.0.4
invscout.rte	eq	2.2.0.7
invscout.rte	eq	2.2.0.8
invscout.rte	eq	2.2.0.9
invscout.rte	eq	2.2.0.10
invscout.rte	eq	2.2.0.11
invscout.rte	eq	2.2.0.12
invscout.rte	eq	2.2.0.13