CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 3CVE-2004-1329 – IBM AIX 5.x - 'Diag' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-1329
Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program. • https://www.exploit-db.com/exploits/25039 http://marc.info/?l=bugtraq&m=110355931920123&w=2 http://www-1.ibm.com/support/search.wss?rs=0&q=IY64277&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY64389&apar=only http://www.securityfocus.com/archive/1/464276/100/0/threaded http://www.securityfocus.com/archive/1/464481/100/0/threaded http://www.securityfocus.com/bid/12041 https://exchange.xforce.ibmcloud.com/vulnerabilities/18620 https://www.exploit-d •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2004-0828
https://notcve.org/view.php?id=CVE-2004-0828
The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files. El programa ctstrtcasd en RSCT 2.3.0.0 y anteriores para IBM AIX 5.2 Y 5.3 no se deshace adecuamente de privilegios antes de ejecutar la opción -f, lo que permite a usuarios locales modificar o crear ficheros arbitrarios. • http://secunia.com/advisories/12664 http://securitytracker.com/id?1011429 http://www.securityfocus.com/bid/11264 https://exchange.xforce.ibmcloud.com/vulnerabilities/17514 •