Описание
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2004-1054
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18619
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY64820&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY64852&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY64976&apar=only
- http://www.idefense.com/application/poi/display?id=171&type=vulnerabilities
EPSS
CVE ID
Связанные уязвимости
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.
EPSS