all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

IBM AIX 7.2 inscout Privilege Escalation

Add to bookmarks
May 18, 2023, 2:03 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits a command injection vulnerability in IBM AIX invscout set-uid root utility present in AIX 7.2 and earlier. The undocumented -rpm argument can be used to install an RPM file; and the undocumented -o argument passes arguments to the rpm utility without validation, leading to command injection with effective-uid root privileges. This module has been tested successfully on AIX 7.2.

aix argument command command injection escalation exploits file ibm injection install metasploit privilege privilege escalation privileges root rpm utility validation vulnerability

Visit resource

More from packetstormsecurity.com / Packet Storm

AIDE 0.18.7 1 day, 4 hours ago | packetstormsecurity.com
advanced aide algorithms can +17
Systemd Insecure PTY Handling 1 day, 4 hours ago | packetstormsecurity.com
changing handling high insecure +5
Microsoft PlayReady Toolkit 1 day, 4 hours ago | packetstormsecurity.com
access acquisition client code +19
Docker Privileged Container Kernel Escape 1 day, 4 hours ago | packetstormsecurity.com
can container container escape daemon +9
Gentoo Linux Security Advisory 202405-16 1 day, 4 hours ago | packetstormsecurity.com
advisory apache apache commons can +11
Gentoo Linux Security Advisory 202405-15 1 day, 4 hours ago | packetstormsecurity.com
advisory can code code execution +12
Gentoo Linux Security Advisory 202405-14 1 day, 4 hours ago | packetstormsecurity.com
advisory code code execution gentoo +7
Gentoo Linux Security Advisory 202405-13 1 day, 4 hours ago | packetstormsecurity.com
advisory can gentoo injection +6
Gentoo Linux Security Advisory 202405-12 1 day, 4 hours ago | packetstormsecurity.com
advisory arbitrary code arbitrary code execution can +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Product Regulatory Compliance Specialist

@ Avery Dennison | Oegstgeest, Netherlands
View on infosec-jobs.com

Cyber Security Analyst

@ FinClear | Melbourne, Australia
View on infosec-jobs.com

Senior Application Security Manager, United States-(Virtual)

@ Stanley Black & Decker | New Britain CT USA - 1000 Stanley Dr
View on infosec-jobs.com

Vice President - Information Security Management - FedRAMP

@ JPMorgan Chase & Co. | Chicago, IL, United States
View on infosec-jobs.com

Vice President, Threat Intelligence & AI

@ Arctic Wolf | Remote - Minnesota
View on infosec-jobs.com

Cybersecurity Analyst

@ Resource Management Concepts, Inc. | Dahlgren, Virginia, United States
View on infosec-jobs.com
View more jobs