header-logo
Suggest Exploit
vendor:
AIX
by:
Unknown
5
CVSS
MEDIUM
File Disclosure
200
CWE
Product Name: AIX
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: o:ibm:aix
Metasploit:
Other Scripts:
Platforms Tested: AIX
Unknown

Vulnerability in lquerypv command under AIX

By using the '-h' flag in the lquerypv command, an attacker can read any file on the file system in hex format.

Mitigation:

Update to a patched version of AIX or restrict access to the lquerypv command.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/455/info

There exists a vulnerability in the lquerypv command under AIX. By using the '-h' flaq, a user may read any file on the file system in hex format. 


/usr/sbin/lquerypv -h /pathtofilename

Navigation

Suggest Exploit

Services By CQR