Untrusted Execution Path Vulnerability in AIX Diag Commands

Untrusted Execution Path Vulnerability in AIX Diag Commands

CVE-2004-1329 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.

Learn more about our Cis Benchmark Audit For Ibm Aix.