4

CVE-2011-1384

The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmInvscout.Rte Version <= 2.2.0.18
   IbmAix Version <= 7.1
   IbmAix Version5.3
   IbmAix Version6.1
IbmInvscout.Rte Version2.2.0.2
   IbmAix Version <= 7.1
   IbmAix Version5.3
   IbmAix Version6.1
IbmInvscout.Rte Version2.2.0.4
   IbmAix Version <= 7.1
   IbmAix Version5.3
   IbmAix Version6.1
IbmInvscout.Rte Version2.2.0.7
   IbmAix Version <= 7.1
   IbmAix Version5.3
   IbmAix Version6.1
IbmInvscout.Rte Version2.2.0.8
   IbmAix Version <= 7.1
   IbmAix Version5.3
   IbmAix Version6.1
IbmInvscout.Rte Version2.2.0.9
   IbmAix Version <= 7.1
   IbmAix Version5.3
   IbmAix Version6.1
IbmInvscout.Rte Version2.2.0.10
   IbmAix Version <= 7.1
   IbmAix Version5.3
   IbmAix Version6.1
IbmInvscout.Rte Version2.2.0.11
   IbmAix Version <= 7.1
   IbmAix Version5.3
   IbmAix Version6.1
IbmInvscout.Rte Version2.2.0.12
   IbmAix Version <= 7.1
   IbmAix Version5.3
   IbmAix Version6.1
IbmInvscout.Rte Version2.2.0.13
   IbmAix Version <= 7.1
   IbmAix Version5.3
   IbmAix Version6.1
IbmInvscout.Rte Version2.2.0.14
   IbmAix Version <= 7.1
   IbmAix Version5.3
   IbmAix Version6.1
IbmInvscout.Rte Version2.2.0.15
   IbmAix Version <= 7.1
   IbmAix Version5.3
   IbmAix Version6.1
IbmInvscout.Rte Version2.2.0.17
   IbmAix Version <= 7.1
   IbmAix Version5.3
   IbmAix Version6.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.05
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 1.9 6.9
AV:L/AC:H/Au:N/C:N/I:C/A:N
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.