Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2697Race Condition in IBM AIX

CWE-362Race Condition5 documents4 sources
Severity
6.9MEDIUMNVD
EPSS
0.7%
top 28.01%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM AIX
Timeline
PublishedDec 31
Latest updateApr 29

Description

The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

NVDibm/aix4.3.3, 5.1, 5.1l+2

🔴Vulnerability Details

2
GHSA
GHSA-w84v-vmqq-p8vc: The Inventory Scout daemon (invscoutd) 12022-04-29
CVEList
CVE-2004-2697: The Inventory Scout daemon (invscoutd) 12007-10-06

💥Exploits & PoCs

2
Exploit-DB
Easy-Content Forums 1.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities2006-05-26
Exploit-DB
AIX 4.3.3/5.1 - Invscoutd Symbolic Link2003-05-29
CVE-2004-2697 — Race Condition in IBM AIX | cvebase