Описание
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.0036
Низкий
7.2 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.
EPSS
Процентиль: 58%
0.0036
Низкий
7.2 High
CVSS2
Дефекты
NVD-CWE-Other