Vulnerabilities > CVE-2005-0261 - Local File Disclosure vulnerability in IBM AIX LSPath Unauthorized

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

ibm

NVD

Published: 2005-02-10

Updated: 2017-07-11

Summary

lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.

Vulnerable Configurations

Part	Description	Count
OS	Ibm IBM AIX 5.2 IBM AIX 5.3	2

References

http://secunia.com/advisories/14232
http://www.idefense.com/application/poi/display?id=195&type=vulnerabilities
http://www.securityfocus.com/bid/12513
http://www-1.ibm.com/support/search.wss?rs=0&q=IY67457&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY67655&apar=only
https://exchange.xforce.ibmcloud.com/vulnerabilities/19281