Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 up to and including 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm aix 5.2_l |
||
ibm aix 5.3 |
||
ibm aix 5.2 |
||
ibm aix 5.2.2 |
||
ibm aix 5.1 |
||
ibm aix 5.1l |
||
ibm aix 5.3_l |