Watercloud has reported a vulnerability in AIX, which can be exploited by malicious, local users to perform certain actions on a system with escalated privileges.
A user invoking "invscoutd" may specify a logfile as a command line argument. This may reportedly be exploited to create or overwrite files with escalated privileges by supplying the path of an arbitrary file.
The vulnerability has been reported in earlier versions of invscoutd included in AIX 4.3.3 and AIX 5.1.
NOTE: An exploit has been published, which uses a special attack vector to gain root privileges on an affected system.
Solution: Grant only trusted users access to affected systems.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com