Vulnerability Description
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Invscout.Rte | <= 2.2.0.18 |
| Ibm | Aix | <= 7.1 |
Related Weaknesses (CWE)
References
- http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.ascVendor Advisory
- http://secunia.com/advisories/47222Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643
- http://www.securityfocus.com/bid/51059
- http://www.securityfocus.com/bid/51083
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71615
- http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.ascVendor Advisory
- http://secunia.com/advisories/47222Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643
- http://www.securityfocus.com/bid/51059
- http://www.securityfocus.com/bid/51083
- https://exchange.xforce.ibmcloud.com/vulnerabilities/71615
FAQ
What is CVE-2011-1384?
CVE-2011-1384 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger...
How severe is CVE-2011-1384?
CVE-2011-1384 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1384?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Invscout.Rte, Ibm Aix.