CVE-2004-2697
IBM AIX - Privilege Escalation via Symlink Attack on Inventory Scout Daemon Log File
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-2697. PoCs published by watercloud.
AI-analyzed exploit summary
This exploit leverages a temporary file handling vulnerability in AIX invscoutd to overwrite arbitrary files (e.g., /.rhosts) and gain root access via rsh. It manipulates the log file path to create a symlink attack, leading to privilege escalation.
Description
The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002.