This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote host contains a program that could allow a user to delete
or manipulate files without authorization.
According to its self-reported version, the Inventory Scout install on
the remote host is a version prior to 220.127.116.11. It, therefore, could
allow a local user to delete arbitrary files or have Inventory Scout
operations operate on arbitrary files using a symlink attack.
See also :
Upgrade to Inventory Scout 18.104.22.168 or later.
Alternatively, remove the setuid bit from the affected files using the
following commands :
- chmod 555 /opt/IBMinvscout/bin/invscoutClient_VPD_Survey
- chmod 555 /opt/IBMinvscout/sbin/invscout_lsvpd
Note that this will disable functionality of these commands for all
users except root.
Risk factor :
Medium / CVSS Base Score : 4.0
CVSS Temporal Score : 3.3
Public Exploit Available : true
Nessus Plugin ID: 73966 ()
Bugtraq ID: 51059
CVE ID: CVE-2011-1384
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.