CVE-2003-0784Use of Externally-Controlled Format String in IBM AIX

3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
1.2%
top 21.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM AIX
Timeline
PublishedOct 6
Latest updateApr 29

Description

Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDibm/aix4.3.3, 5.1, 5.2+2

🔴Vulnerability Details

2
GHSA
GHSA-xx87-hj55-x8cc: Format string vulnerability in tsm for the bos2022-04-29
CVEList
CVE-2003-0784: Format string vulnerability in tsm for the bos2003-09-23
CVE-2003-0784 — IBM AIX vulnerability | cvebase