Lucene search

MitreCVE-2004-1028

HistoryJan 10, 2005 - 5:00 a.m.

CVE-2004-1028

2005-01-1005:00:00

mitre

web.nvd.nist.gov

cve-2004-1028

untrusted execution path

chcod

aix ibm

vulnerability

local users

arbitrary programs

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious “grep” program, which is executed from chcod.

Affected configurations

Nvd

Node

ibmaixMatch5.1

ibmaixMatch5.1l

ibmaixMatch5.2

ibmaixMatch5.2.2

ibmaixMatch5.2_l

ibmaixMatch5.3

ibmaixMatch5.3_l

VendorProductVersionCPE
ibmaix5.1cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*
ibmaix5.1lcpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*
ibmaix5.2cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
ibmaix5.2.2cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*
ibmaix5.2_lcpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*
ibmaix5.3cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
ibmaix5.3_lcpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	aix	5.1	cpe:2.3:o:ibm:aix:5.1:::::::*
ibm	aix	5.1l	cpe:2.3:o:ibm:aix:5.1l:::::::*
ibm	aix	5.2	cpe:2.3:o:ibm:aix:5.2:::::::*
ibm	aix	5.2.2	cpe:2.3:o:ibm:aix:5.2.2:::::::*
ibm	aix	5.2_l	cpe:2.3:o:ibm:aix:5.2_l:::::::*
ibm	aix	5.3	cpe:2.3:o:ibm:aix:5.3:::::::*
ibm	aix	5.3_l	cpe:2.3:o:ibm:aix:5.3_l:::::::*

References

www-1.ibm.com/support/search.wss?rs=0&q=IY64354&apar=only

www-1.ibm.com/support/search.wss?rs=0&q=IY64355&apar=only

www-1.ibm.com/support/search.wss?rs=0&q=IY64356&apar=only

www.idefense.com/application/poi/display?id=170&type=vulnerabilities

exchange.xforce.ibmcloud.com/vulnerabilities/18625

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2004-1028