Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1594

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2002-1594
Last Modified 05 Sep 2008 04:31:01
Published 02 Jan 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-1594

Summary

Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.

Vulnerable Systems

Application

  • Grpck

  • Pwck


References

CERT-VN - VU#877811

CERT-VN - VU#121891

XF - pwck-command-line-bo(7859)

XF - grpck-command-line-bo(7857)

MISC - http://publib.boulder.ibm.com/infocenter/pseries/topic/com.ibm.aix.doc/cmds/aixcmds2/grpck.htm

VULNWATCH - 20020102 blackshell3: multiple pwck/grpck vulnerabilities

VULN-DEV - 20020102 Re: [VulnWatch] blackshell3: multiple pwck/grpck vulnerabilities


Last Updated: 27 May 2016 10:37:24