CVE-2004-1329 - Vulnerability Details - OpenCVE

Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix

Configuration 1 [-]

OR	cpe:2.3:o:ibm:aix:5.1:::::::*
	cpe:2.3:o:ibm:aix:5.1l:::::::*
	cpe:2.3:o:ibm:aix:5.2:::::::*
	cpe:2.3:o:ibm:aix:5.2.2:::::::*
	cpe:2.3:o:ibm:aix:5.2_l:::::::*
	cpe:2.3:o:ibm:aix:5.3:::::::*
	cpe:2.3:o:ibm:aix:5.3_l:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=110355931920123&w=2
http://www-1.ibm.com/support/search.wss?rs=0&q=IY64277&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY64389&apar=only
http://www.securityfocus.com/archive/1/464276/100/0/threaded
http://www.securityfocus.com/archive/1/464481/100/0/threaded
http://www.securityfocus.com/bid/12041
https://exchange.xforce.ibmcloud.com/vulnerabilities/18620
https://www.exploit-db.com/exploits/701

History

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00157}`	epss `{'score': 0.00424}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-01-06T05:00:00

Updated: 2024-08-08T00:46:12.393Z

Reserved: 2005-01-06T00:00:00

Link: CVE-2004-1329

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2004-12-20T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2004-1329

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-12-20T00:00:00", "descriptions": [{"lang": "en", "value": "Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "701", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/701"}, {"name": "IY64389", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY64389&apar=only"}, {"name": "20041220 AIX 5.1/5.2/5.3 local root exploits", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=110355931920123&w=2"}, {"name": "20070330 AIX 4.3 lsmcode local root command execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/464276/100/0/threaded"}, {"name": "IY64277", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY64277&apar=only"}, {"name": "12041", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/12041"}, {"name": "aix-diagnostics-gain-privileges(18620)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18620"}, {"name": "20070402 Re: AIX 4.3 lsmcode local root command execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/464481/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1329", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "701", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/701"}, {"name": "IY64389", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY64389&apar=only"}, {"name": "20041220 AIX 5.1/5.2/5.3 local root exploits", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=110355931920123&w=2"}, {"name": "20070330 AIX 4.3 lsmcode local root command execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464276/100/0/threaded"}, {"name": "IY64277", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY64277&apar=only"}, {"name": "12041", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12041"}, {"name": "aix-diagnostics-gain-privileges(18620)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18620"}, {"name": "20070402 Re: AIX 4.3 lsmcode local root command execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/464481/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:46:12.393Z"}, "title": "CVE Program Container", "references": [{"name": "701", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/701"}, {"name": "IY64389", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY64389&apar=only"}, {"name": "20041220 AIX 5.1/5.2/5.3 local root exploits", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=110355931920123&w=2"}, {"name": "20070330 AIX 4.3 lsmcode local root command execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/464276/100/0/threaded"}, {"name": "IY64277", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY64277&apar=only"}, {"name": "12041", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/12041"}, {"name": "aix-diagnostics-gain-privileges(18620)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18620"}, {"name": "20070402 Re: AIX 4.3 lsmcode local root command execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/464481/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1329", "datePublished": "2005-01-06T05:00:00", "dateReserved": "2005-01-06T00:00:00", "dateUpdated": "2024-08-08T00:46:12.393Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "BCB23261-D5A9-4C49-B08E-97A63ED6F84A", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*", "matchCriteriaId": "43E38D56-80BA-460C-A296-ED7F506E4364", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "EBD01F19-4B30-4147-AC48-7F5C64EE80CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*", "matchCriteriaId": "104E5C14-6D87-494B-8D60-0443ADDCD31A", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*", "matchCriteriaId": "435340B0-AD02-4174-BC7F-6A7C222A7F6D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program."}], "id": "CVE-2004-1329", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-20T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=110355931920123&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY64277&apar=only"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY64389&apar=only"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/464276/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/464481/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/12041"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18620"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/701"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=110355931920123&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY64277&apar=only"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY64389&apar=only"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/464276/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/464481/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/12041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18620"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/701"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}