IBM Inventory Scout < 188.8.131.52 Symlink Vulnerability
Medium Nessus Plugin ID 73966
Synopsis
The remote host contains a program that could allow a user to delete or manipulate files without authorization.
Description
According to its self-reported version, the Inventory Scout install on the remote host is a version prior to 184.108.40.206. It could therefore allow a local user to delete arbitrary files, or to cause Inventory Scout operations to act on arbitrary files, by means of a symlink attack.
Solution
Upgrade to Inventory Scout 220.127.116.11 or later.
Alternatively, remove the setuid bit from the affected files using the following commands:
- chmod 555 /opt/IBMinvscout/bin/invscoutClient_VPD_Survey
- chmod 555 /opt/IBMinvscout/sbin/invscout_lsvpd
Note that this will disable functionality of these commands for all users except root.
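To confirm that the workaround took effect, the following added example (not part of the Nessus plugin or of IBM's advisory) checks whether the two binaries named above still carry the setuid bit. The function name `audit_setuid` and the status labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit the two binaries from the workaround for the setuid bit.
# The paths are the ones named on this page; audit_setuid is a hypothetical helper.
INVSCOUT_FILES="/opt/IBMinvscout/bin/invscoutClient_VPD_Survey
/opt/IBMinvscout/sbin/invscout_lsvpd"

# audit_setuid FILE...
# Prints one status line per file (with mode string and owner) and
# returns the number of files that still have the setuid bit set.
audit_setuid() {
    remaining=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            # Not installed here, or installed under a different prefix.
            echo "ABSENT   $f"
        elif [ -u "$f" ]; then
            # Setuid bit still present: the chmod 555 workaround was not applied.
            echo "SETUID   $f  ($(ls -ld "$f" | awk '{print $1, $3}'))"
            remaining=$((remaining + 1))
        else
            echo "OK       $f  ($(ls -ld "$f" | awk '{print $1, $3}'))"
        fi
    done
    return "$remaining"
}

# Stand-alone run against the paths from this page.
# Word splitting on the newline-separated list is intentional.
audit_setuid $INVSCOUT_FILES || echo "setuid bit still set on one or more files"
```

A non-zero return value is the count of files still needing `chmod 555`, so the function can gate a configuration-management or compliance check.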