PT-2004-2039 · Ibm · Aix
Publicado
2004-12-22
·
Atualizado
2017-07-11
·
CVE-2004-1054
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
IBM AIX versions 5.1.0 through 5.3.0
Description:
The issue allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program. This malicious program is executed from
lsvpd after lsvpd has been invoked by invscout.Recommendations:
For IBM AIX versions 5.1.0 through 5.3.0, consider restricting modifications to the PATH environment variable to prevent pointing to malicious programs until a fix is available. As a temporary workaround, consider disabling the execution of
uname programs from untrusted paths.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Aix