CVE-2007-4798

Unspecified vulnerability in invscout in Inventory Scout in invscout.rte in IBM AIX 5.2 and 5.3 allows local users to delete system files that have names matching the final substring of a hostname alias, as demonstrated by hostnames ending in "unix".

CVSS v2.0 6.6 MEDIUM

6.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:N/I:C/A:C

Exploitability : 3.9 / Impact : 9.2

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3846	Patch
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3847	Patch
http://www-1.ibm.com/support/docview.wss?uid=isg1IY98506	Patch
http://www.securityfocus.com/bid/25556	Patch
http://secunia.com/advisories/26715	Patch Vendor Advisory
http://osvdb.org/40393
http://www.vupen.com/english/advisories/2007/3059
https://exchange.xforce.ibmcloud.com/vulnerabilities/36447

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:ibm:aix:5.3:::::::*
	cpe:2.3:o:ibm:aix:5.2:::::::*

Information

Published : 2007-09-10 14:17

Updated : 2017-07-28 18:33

NVD link : CVE-2007-4798

Mitre link : CVE-2007-4798

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

ibm

aix

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3846", "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3846", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3847", "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3847", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY98506", "name": "IY98506", "tags": ["Patch"], "refsource": "AIXAPAR"}, {"url": "http://www.securityfocus.com/bid/25556", "name": "25556", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/26715", "name": "26715", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/40393", "name": "40393", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/3059", "name": "ADV-2007-3059", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36447", "name": "aix-inventoryscout-dos(36447)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in invscout in Inventory Scout in invscout.rte in IBM AIX 5.2 and 5.3 allows local users to delete system files that have names matching the final substring of a hostname alias, as demonstrated by hostnames ending in \"unix\"."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-4798", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 9.2, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-09-10T21:17Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:33Z"}