← back
CVE-2004-1329

CVE-2004-1329

EPSS 3.3%
Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/701unverifiedexploitdbwww.exploit-db.com/exploits/25039unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=110355931920123&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/18620https://www.exploit-db.com/exploits/701http://www-1.ibm.com/support/search.wss?rs=0&q=IY64277&apar=onlyhttp://www-1.ibm.com/support/search.wss?rs=0&q=IY64389&apar=onlyhttp://www.securityfocus.com/archive/1/464276/100/0/threadedhttp://www.securityfocus.com/archive/1/464481/100/0/threadedhttp://www.securityfocus.com/bid/12041