Vulnerabilities > CVE-2004-1329 - Local Privilege Escalation vulnerability in IBM AIX Diag
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 7 |
Exploit-Db
description IBM AIX 5.x Diag Local Privilege Escalation Vulnerabilities. CVE-2004-1329. Local exploit for aix platform id EDB-ID:25039 last seen 2016-02-03 modified 2004-12-20 published 2004-12-20 reporter cees-bart source https://www.exploit-db.com/download/25039/ title IBM AIX 5.x - Diag Local Privilege Escalation Vulnerabilities id EDB-ID:701
References
- http://marc.info/?l=bugtraq&m=110355931920123&w=2
- http://www.securityfocus.com/archive/1/464276/100/0/threaded
- http://www.securityfocus.com/archive/1/464481/100/0/threaded
- http://www.securityfocus.com/bid/12041
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY64277&apar=only
- http://www-1.ibm.com/support/search.wss?rs=0&q=IY64389&apar=only
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18620
- https://www.exploit-db.com/exploits/701