Lucene search
HistoryJan 10, 2005 - 5:00 a.m.
CVE-2004-1054
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.4
Confidence
High
EPSS
0
Percentile
0.4%
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious “uname” program, which is executed from lsvpd after lsvpd has been invoked by invscout.
Affected configurations
Node
ibmaixMatch5.1
ORibmaixMatch5.1l
ORibmaixMatch5.2
ORibmaixMatch5.2.2
ORibmaixMatch5.2_l
ORibmaixMatch5.3
ORibmaixMatch5.3_l
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | aix | 5.1 | cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:* |
| ibm | aix | 5.1l | cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:* |
| ibm | aix | 5.2 | cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:* |
| ibm | aix | 5.2.2 | cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:* |
| ibm | aix | 5.2_l | cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:* |
| ibm | aix | 5.3 | cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:* |
| ibm | aix | 5.3_l | cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2004-1054
2004-12-22 05:00:00
packetstorm
packetstorm
getr00t.sh
2005-03-25 00:00:00
exploitdb
exploitdb
AIX 4.3/5.1 < 5.3 - 'lsmcode' Execution Privilege Escalation
2004-12-21 00:00:00
AIX 5.3.0 - 'invscout' Local Command Execution
2005-03-25 00:00:00
cve
cve
CVE-2004-1054
2005-01-10 05:00:00
securityvulns
securityvulns
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
6.4
Confidence
High
EPSS
0
Percentile
0.4%
Related for NVD:CVE-2004-1054