Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2388

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-2388
Last Modified 25 Mar 2009 12:00:00
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2388

Summary

rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.

Vulnerable Systems

Operating System

  • Ibm Aix 4.3.3


References

XF - rexecd-gain-privileges(15455)

BID - 9835

OSVDB - 4248

SECUNIA - 11085

CIAC - O-102

AIXAPAR - IY53507


Last Updated: 27 May 2016 10:39:27