CVE-2004-1054

IBM AIX <5.3.0 - Privilege Escalation

Title source: llm

Description

Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.

Exploits (2)

exploitdb WORKING POC VERIFIED
by ri0t · bashlocalaix
https://www.exploit-db.com/exploits/898
exploitdb WORKING POC VERIFIED
by cees-bart · bashlocalaix
https://www.exploit-db.com/exploits/701

References (5)

Scores

EPSS 0.0036
EPSS Percentile 58.2%

Details

Status published
Products (7)
ibm/aix 5.1
ibm/aix 5.1l
ibm/aix 5.2
ibm/aix 5.2.2
ibm/aix 5.2_l
ibm/aix 5.3
ibm/aix 5.3_l
Published Jan 10, 2005
Tracked Since Feb 18, 2026