FKIE_CVE-2011-1384

Vulnerability from fkie_nvd - Published: 2012-01-04 03:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.
References
cve@mitre.orghttp://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.ascVendor Advisory
cve@mitre.orghttp://secunia.com/advisories/47222Vendor Advisory
cve@mitre.orghttp://www-01.ibm.com/support/docview.wss?uid=isg1IV11643
cve@mitre.orghttp://www.securityfocus.com/bid/51059
cve@mitre.orghttp://www.securityfocus.com/bid/51083
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/71615
af854a3a-2127-422b-91ae-364da2661108http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.ascVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/47222Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/51059
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/51083
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/71615
Impacted products
Vendor Product Version
ibm invscout.rte *
ibm invscout.rte 2.2.0.2
ibm invscout.rte 2.2.0.4
ibm invscout.rte 2.2.0.7
ibm invscout.rte 2.2.0.8
ibm invscout.rte 2.2.0.9
ibm invscout.rte 2.2.0.10
ibm invscout.rte 2.2.0.11
ibm invscout.rte 2.2.0.12
ibm invscout.rte 2.2.0.13
ibm invscout.rte 2.2.0.14
ibm invscout.rte 2.2.0.15
ibm invscout.rte 2.2.0.17
ibm aix *
ibm aix 5.3
ibm aix 6.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D9F1AD-E4F6-4CDB-8251-280AB3A24AA6",
              "versionEndIncluding": "2.2.0.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "917F5D86-1940-4791-A001-9E50B0F25EC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "523443DB-1392-446E-A849-725BB243FE62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "76A6D2B7-8A8A-45A7-AFB6-7B4E6BA678E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C6BB23F-C9D7-46D9-B9B5-34246B35A11A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "373D8BF9-B715-44C3-9470-F1D0D423D896",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B0104F-2901-4A2A-A40D-087181F57A8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BDA4AAF-6758-407A-BB95-F915D7BF1DD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "B63444E2-2119-45C9-BDB2-A1FB403EE5D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0932F7A5-A1C1-433D-9885-F4EAD43F46AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6667E9B-0738-4715-83EC-A37D962E6A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E29DE445-5ECE-4B2C-BE6C-5E2D8D33593F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE45686C-FE4B-42AE-ACDB-6FDF0D3819A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CF7BE3C-BC19-4762-9C74-0AF58258A98D",
              "versionEndIncluding": "7.1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file."
    },
    {
      "lang": "es",
      "value": "El programa (1) bin/invscoutClient_VPD_Survey y (2) sbin/invscout_lsvpd en invscout.rte antes de v2.2.0.19 en IBM AIX v7.1, v6.1, v5.3, y anteriores, permite a usuarios locales borrar archivos de su elecci\u00f3n o lanzar las operaciones de exploraci\u00f3n de inventario en archivos de su elecci\u00f3n, a trav\u00e9s de un ataque de enlace simb\u00f3lico en un archivo no especificado."
    }
  ],
  "id": "CVE-2011-1384",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:N/C:N/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-04T03:55:04.567",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47222"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/51059"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/51083"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/47222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/51083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71615"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.