CVE-2004-2388 — IBM AIX vulnerability

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

1.0%

top 22.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM AIX

Timeline

PublishedDec 31

Latest updateApr 29

Description

rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/aix4.3.3

Patches

Patch: secunia.com ↗Patch: www.osvdb.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mg3x-w99j-gv68: rexecd for AIX 4↗2022-04-29

▶

CVEList

CVE-2004-2388: rexecd for AIX 4↗2005-08-16

▶