CVE-2004-1329
Description
Local users can execute arbitrary programs with root privileges via the DIAGNOSTICS environment variable in AIX diagnostic tools.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Local users can execute arbitrary programs with root privileges via the DIAGNOSTICS environment variable in AIX diagnostic tools.
Vulnerability
In AIX versions 5.1 through 5.3, the setuid-root diagnostic binaries lsmcode, diag_exec, invscout, and invscoutd use the DIAGNOSTICS environment variable unsafely to locate and execute the Dctrl tool. [1] The path specified by DIAGNOSTICS is prepended to bin/Dctrl and executed as root without validation. Affected are AIX 5.1, 5.2, and 5.3.
Exploitation
An attacker with local access can create a directory structure with a malicious Dctrl script (e.g., in /tmp/aap/bin/Dctrl), set DIAGNOSTICS to that directory, and run any of the affected binaries. [1][4] The binary will execute the attacker's Dctrl as root, allowing arbitrary commands. No authentication beyond a local shell is needed.
Impact
Successful exploitation grants the attacker a root shell or allows execution of arbitrary code with root privileges. [1] This is a full compromise of the system.
Mitigation
IBM has released fixes: APAR IY64389 for AIX 5.1, IY64523 for AIX 5.2, and IY64277 for AIX 5.3. [1] These patches should be applied. Workarounds include removing setuid permissions from the binaries or restricting access to trusted users.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
8cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*
- (no CPE)range: 5.1 through 5.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www-1.ibm.com/support/search.wssnvdPatchVendor Advisory
- www-1.ibm.com/support/search.wssnvdPatchVendor Advisory
- www.securityfocus.com/bid/12041nvdExploitPatchVendor Advisory
- marc.infonvd
- www.securityfocus.com/archive/1/464276/100/0/threadednvd
- www.securityfocus.com/archive/1/464481/100/0/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/18620nvd
- www.exploit-db.com/exploits/701nvd
News mentions
0No linked articles in our index yet.