Cees-Bart

Name of the Vulnerable Software and Affected Versions: AIX versions 5.1 through 5.3 Description: The issue allows local users to execute arbitrary programs by modifying the `DIAGNOSTICS` environment variable to point to a malicious Dctrl program, affecting the diag commands `lsmcode`, `diag exec`, `invscout`, and `invscoutd`. Recommendations: For AIX versions 5.1 through 5.3, consider restricting access to the diag commands `lsmcode`, `diag exec`, `invscout`, and `invscoutd` to minimize the risk of exploitation. Avoid modifying the `DIAGNOSTICS` environment variable to point to untrusted Dctrl programs until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.