CVE-2011-1384 - OpenCVE

The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

AV:L/AC:H/Au:N/C:N/I:C/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix Invscout.rte

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:invscout.rte::::::::
	cpe:2.3:a:ibm:invscout.rte:2.2.0.2:::::::*
	cpe:2.3:a:ibm:invscout.rte:2.2.0.4:::::::*
	cpe:2.3:a:ibm:invscout.rte:2.2.0.7:::::::*
	cpe:2.3:a:ibm:invscout.rte:2.2.0.8:::::::*
	cpe:2.3:a:ibm:invscout.rte:2.2.0.9:::::::*
	cpe:2.3:a:ibm:invscout.rte:2.2.0.10:::::::*
	cpe:2.3:a:ibm:invscout.rte:2.2.0.11:::::::*
	cpe:2.3:a:ibm:invscout.rte:2.2.0.12:::::::*
	cpe:2.3:a:ibm:invscout.rte:2.2.0.13:::::::*
	cpe:2.3:a:ibm:invscout.rte:2.2.0.14:::::::*
	cpe:2.3:a:ibm:invscout.rte:2.2.0.15:::::::*
	cpe:2.3:a:ibm:invscout.rte:2.2.0.17:::::::*

OR	cpe:2.3:o:ibm:aix::::::::
	cpe:2.3:o:ibm:aix:5.3:::::::*
	cpe:2.3:o:ibm:aix:6.1:::::::*

No data.

References

Link	Providers
http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc
http://secunia.com/advisories/47222
http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643
http://www.securityfocus.com/bid/51059
http://www.securityfocus.com/bid/51083
https://exchange.xforce.ibmcloud.com/vulnerabilities/71615

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-01-04T02:00:00

Updated: 2024-08-06T22:21:34.568Z

Reserved: 2011-03-10T00:00:00

Link: CVE-2011-1384

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-01-04T03:55:04.567

Modified: 2017-08-17T01:34:06.743

Link: CVE-2011-1384

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "aix-scout-symlink(71615)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71615"}, {"name": "47222", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47222"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc"}, {"name": "51059", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51059"}, {"name": "51083", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51083"}, {"name": "IV11643", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1384", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "aix-scout-symlink(71615)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71615"}, {"name": "47222", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47222"}, {"name": "http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc"}, {"name": "51059", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51059"}, {"name": "51083", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51083"}, {"name": "IV11643", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:21:34.568Z"}, "title": "CVE Program Container", "references": [{"name": "aix-scout-symlink(71615)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71615"}, {"name": "47222", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47222"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc"}, {"name": "51059", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/51059"}, {"name": "51083", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/51083"}, {"name": "IV11643", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1384", "datePublished": "2012-01-04T02:00:00", "dateReserved": "2011-03-10T00:00:00", "dateUpdated": "2024-08-06T22:21:34.568Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:invscout.rte:*:*:*:*:*:*:*:*", "matchCriteriaId": "36D9F1AD-E4F6-4CDB-8251-280AB3A24AA6", "versionEndIncluding": "2.2.0.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "917F5D86-1940-4791-A001-9E50B0F25EC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "523443DB-1392-446E-A849-725BB243FE62", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "76A6D2B7-8A8A-45A7-AFB6-7B4E6BA678E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0C6BB23F-C9D7-46D9-B9B5-34246B35A11A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "373D8BF9-B715-44C3-9470-F1D0D423D896", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "96B0104F-2901-4A2A-A40D-087181F57A8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "1BDA4AAF-6758-407A-BB95-F915D7BF1DD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B63444E2-2119-45C9-BDB2-A1FB403EE5D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "0932F7A5-A1C1-433D-9885-F4EAD43F46AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "D6667E9B-0738-4715-83EC-A37D962E6A21", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "E29DE445-5ECE-4B2C-BE6C-5E2D8D33593F", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:invscout.rte:2.2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "AE45686C-FE4B-42AE-ACDB-6FDF0D3819A0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CF7BE3C-BC19-4762-9C74-0AF58258A98D", "versionEndIncluding": "7.1", "vulnerable": false}, {"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507", "vulnerable": false}, {"criteria": "cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD518B94-9CD7-4C45-8766-578CF427B4CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file."}, {"lang": "es", "value": "El programa (1) bin/invscoutClient_VPD_Survey y (2) sbin/invscout_lsvpd en invscout.rte antes de v2.2.0.19 en IBM AIX v7.1, v6.1, v5.3, y anteriores, permite a usuarios locales borrar archivos de su elecci\u00f3n o lanzar las operaciones de exploraci\u00f3n de inventario en archivos de su elecci\u00f3n, a trav\u00e9s de un ataque de enlace simb\u00f3lico en un archivo no especificado."}], "id": "CVE-2011-1384", "lastModified": "2017-08-17T01:34:06.743", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:N/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-01-04T03:55:04.567", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47222"}, {"source": "cve@mitre.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/51059"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/51083"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71615"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}