Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AIX 'lsfs'本地权限提升漏洞
Vulnerability Description
AIX是一款由IBM公司开发和维护的商业性质UNIX操作系统。 AIX中包含的lsfs工具在执行其他系统工具时没有正确检查执行程序的路径,本地攻击者可以利用这个漏洞以特权用户权限执行任意命令。 lsfs工具是用来显示文件系统信息的工具,如文件系统挂接点、权限、卷大小等信息。要对此信息列表,它会执行lslv来列出逻辑卷和使用'grep'来解析输出结果。当执行'grep'和'lslv'时由于lsfs使用相对路径名,攻击者可以修改SHELL PATH环境变量来欺骗lsfs工具运行攻击者提供的二进制程序,因为ls
CVSS Information
N/A
Vulnerability Type
N/A