Description
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71615
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47222
Vendor Advisory x_refsource_confirm
http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51059
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51083
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=isg1IV11643
Scores
EPSS
0.0035
EPSS Percentile
26.5%
Details
CWE
CWE-59
Status
published
Products (13)
ibm/invscout.rte
2.2.0.2
ibm/invscout.rte
2.2.0.4
ibm/invscout.rte
2.2.0.7
ibm/invscout.rte
2.2.0.8
ibm/invscout.rte
2.2.0.9
ibm/invscout.rte
2.2.0.10
ibm/invscout.rte
2.2.0.11
ibm/invscout.rte
2.2.0.12
ibm/invscout.rte
2.2.0.13
ibm/invscout.rte
2.2.0.14
... and 3 more
Published
Jan 04, 2012
Tracked Since
Feb 18, 2026