Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.9
CVSSv2

CVE-2004-2697

Published: 31/12/2004 Updated: 29/07/2017
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 695
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Ibm

Vulnerability Summary

The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002.

Vulnerable Product Search on Vulmon Subscribe to Product

ibm aix 5.1l

ibm aix 4.3.3

ibm aix 5.1

Exploits

Exploit DB: AIX 4.3.3/5.1 - Invscoutd Symbolic Link
source: wwwsecurityfocuscom/bid/9982/info Reportedly AIX invscoutd insecurely handles temporary files; this may allow a local attacker to destroy data on vulnerable system This issue is due to a design error that allows a user to specify a log file that the process writes to while holding escalated privileges This issue may allow a mal ...

References

CWE-362http://www.securiteam.com/exploits/5CP0F0UDFG.htmlhttp://www.xfocus.org/exploits/200403/31.htmlhttp://www.securityfocus.com/bid/9982http://www.osvdb.org/4582http://secunia.com/advisories/11200https://exchange.xforce.ibmcloud.com/vulnerabilities/15620https://nvd.nist.govhttps://www.exploit-db.com/exploits/23883/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886insecure direct object referenceCVE-2024-34342file inclusionCVE-2024-34562CVE-2024-34347CVE-2024-26026CVE-2024-4647unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook