OSVDB ID: 4582 Title: IBM AIX invscoutd Insecure Logfile Handling |
Info |
|
|
Dates |
||||
|
|
Description |
IBM inventory scout for AIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when running the invscoutd command using a malicous logfile name. This flaw may lead to escalated privileges an loss of confidentiality and/or integrity. |
Classification |
Location:
Local Access Required
Attack Type: Input Manipulation Impact: Loss of Confidentiality, Loss of Integrity Exploit: Exploit Public |
Solution |
Upgrade to latest version of inventory scout, as higher numbered versions have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
Products |
|
References |
|
Credit |
|
xfocus.org - Xfocus Team