Overview
- Description
- Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BCB23261-D5A9-4C49-B08E-97A63ED6F84A"
},
{
"criteria": "cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43E38D56-80BA-460C-A296-ED7F506E4364"
},
{
"criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B"
},
{
"criteria": "cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBD01F19-4B30-4147-AC48-7F5C64EE80CD"
},
{
"criteria": "cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "104E5C14-6D87-494B-8D60-0443ADDCD31A"
},
{
"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507"
},
{
"criteria": "cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "435340B0-AD02-4174-BC7F-6A7C222A7F6D"
}
],
"operator": "OR"
}
]
}
]