Lucene search

MitreCVE-2004-2388

HistoryAug 16, 2005 - 4:00 a.m.

CVE-2004-2388

2005-08-1604:00:00

mitre

web.nvd.nist.gov

cve-2004-2388

rexecd

aix 4.3.3

pwd structure

getpwnam

authenticate function

user privileges

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

69.2%

JSON

rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.

Affected configurations

Nvd

Node

ibmaixMatch4.3.3

VendorProductVersionCPE
ibmaix4.3.3cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	aix	4.3.3	cpe:2.3:o:ibm:aix:4.3.3:::::::*

References

secunia.com/advisories/11085

www-1.ibm.com/support/docview.wss?uid=isg1IY53507

www.ciac.org/ciac/bulletins/o-102.shtml

www.osvdb.org/4248

www.securityfocus.com/bid/9835

exchange.xforce.ibmcloud.com/vulnerabilities/15455

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

69.2%

JSON

Related for CVE-2004-2388