consoleinst.sh in IBM Installation Manager prior to 1.7.4.4 and 1.8.x prior to 1.8.4 and Packaging Utility prior to 1.7.4.4 and 1.8.x prior to 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm installation manager 1.8.3.0 |
||
ibm installation manager 1.8.2.1 |
||
ibm packaging utility 1.8.1.0 |
||
ibm packaging utility 1.8.0.0 |
||
ibm installation manager 1.8.2.0 |
||
ibm installation manager 1.8.1.0 |
||
ibm packaging utility |
||
ibm installation manager 1.7.4.3 |
||
ibm packaging utility 1.8.3.0 |
||
ibm packaging utility 1.8.2.0 |
||
ibm installation manager 1.8.0.0 |
||
ibm packaging utility 1.8.2.1 |