Vulnerabilities > CVE-2004-1054 - Unspecified vulnerability in IBM AIX

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
ibm
exploit available
NVD
Published: 2005-01-10
Updated: 2017-07-11

Summary

Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.

Vulnerable Configurations

Part Description Count
OS
Ibm
7

Exploit-Db

  • descriptionAIX 4.3/5.1 - 5.3 lsmcode Local Root Command Execution. CVE-2004-1054. Local exploit for aix platform
    idEDB-ID:701
    last seen2016-01-31
    modified2004-12-21
    published2004-12-21
    reportercees-bart
    sourcehttps://www.exploit-db.com/download/701/
    titleAIX 4.3/5.1 - 5.3 lsmcode Local Root Command Execution
  • descriptionAIX <= 5.3.0 (invscout) Local Command Execution Vulnerability. CVE-2004-1054. Local exploit for aix platform
    idEDB-ID:898
    last seen2016-01-31
    modified2005-03-25
    published2005-03-25
    reporterri0t
    sourcehttps://www.exploit-db.com/download/898/
    titleAIX <= 5.3.0 invscout Local Command Execution Vulnerability

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/36794/getr00t.sh
idPACKETSTORM:36794
last seen2016-12-05
published2005-03-25
reporterri0t
sourcehttps://packetstormsecurity.com/files/36794/getr00t.sh.html
titlegetr00t.sh

References