IBM AIX Inventory Scout Denial Of Service Vulnerability

Bugtraq ID:	25556
Class:	Access Validation Error
CVE:	CVE-2007-4798
Remote:	No
Local:	Yes
Published:	Sep 05 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	The vendor discovered this issue during an internal code audit.
Vulnerable:	IBM AIX 5.3 IBM AIX 5.2
Not Vulnerable:

IBM AIX Inventory Scout Denial Of Service Vulnerability

IBM AIX is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to delete arbitrary system files on affected computers to cause denial-of-service conditions.

IBM AIX Inventory Scout Denial Of Service Vulnerability

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

IBM AIX Inventory Scout Denial Of Service Vulnerability

Solution:
The vendor released advisories and updates to address this issue. Please see the references for more information.


IBM AIX 5.2

• IBM invscout_ifix.tar.Z
  ftp://aix.software.ibm.com/aix/efixes/security/invscout_ifix.tar.Z

IBM AIX 5.3

• IBM invscout_ifix.tar.Z
  ftp://aix.software.ibm.com/aix/efixes/security/invscout_ifix.tar.Z

IBM AIX Inventory Scout Denial Of Service Vulnerability

References:

• AIX Homepage (IBM)
  
• AIX inventory scout file deletion vulnerability (IBM)
  
• AIX inventory scout file deletion vulnerability (IBM)