Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1028

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-1028
Last Modified 10 Sep 2008 03:28:39
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1028

Summary

Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.

Vulnerable Systems

Operating System

  • Ibm Aix 5.1

  • Ibm Aix 5.1l

  • Ibm Aix 5.2

  • Ibm Aix 5.2 L

  • Ibm Aix 5.2.2

  • Ibm Aix 5.3

  • Ibm Aix 5.3 L


References

XF - aix-chcod-gain-privileges(18625)

IDEFENSE - 20041220 IBM AIX chcod Local Privilege Escalation Vulnerability

AIXAPAR - IY64356

AIXAPAR - IY64355

AIXAPAR - IY64354


Last Updated: 27 May 2016 10:38:52