Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-1119Improper Restriction of Operations within the Bounds of a Memory Buffer in IBM AIX

7 documents4 sources
Severity
4.6MEDIUMNVD
EPSS
0.2%
top 63.50%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM AIX
Timeline
PublishedJan 9
Latest updateApr 30

Description

Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

NVDibm/aix6 versions+5

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-jxr7-cc77-4ch7: Buffer overflow in setsenv command in IBM AIX 42022-04-30
CVEList
CVE-2000-1119: Buffer overflow in setsenv command in IBM AIX 42001-05-07

💥Exploits & PoCs

4
Exploit-DB
Microsoft DirectWrite / AFDKO - Stack Corruption in OpenType Font Handling Due to Incorrect Handling of blendArray2019-07-10
Exploit-DB
IBM AIX 4.x - '/usr/bin/setsenv' Local Buffer Overflow2000-12-01
Exploit-DB
Concatus IMate Web Mail Server 2.5 - Remote Buffer Overflow2000-06-01
Exploit-DB
Panda Security 3.0 - Multiple Vulnerabilities2000-04-17
CVE-2000-1119 — IBM AIX vulnerability | cvebase