The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte prior to 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and previous versions allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm invscout.rte 2.2.0.15 |
||
ibm invscout.rte 2.2.0.14 |
||
ibm invscout.rte 2.2.0.7 |
||
ibm invscout.rte 2.2.0.4 |
||
ibm invscout.rte 2.2.0.2 |
||
ibm invscout.rte 2.2.0.11 |
||
ibm invscout.rte 2.2.0.10 |
||
ibm invscout.rte 2.2.0.13 |
||
ibm invscout.rte 2.2.0.12 |
||
ibm invscout.rte |
||
ibm invscout.rte 2.2.0.17 |
||
ibm invscout.rte 2.2.0.9 |
||
ibm invscout.rte 2.2.0.8 |