Lucene search

[email protected]NVD:CVE-2004-2388

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2388

2004-12-3105:00:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

69.2%

JSON

rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.

Affected configurations

Nvd

Node

ibmaixMatch4.3.3

VendorProductVersionCPE
ibmaix4.3.3cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	aix	4.3.3	cpe:2.3:o:ibm:aix:4.3.3:::::::*

References

secunia.com/advisories/11085

www-1.ibm.com/support/docview.wss?uid=isg1IY53507

www.ciac.org/ciac/bulletins/o-102.shtml

www.osvdb.org/4248

www.securityfocus.com/bid/9835

exchange.xforce.ibmcloud.com/vulnerabilities/15455

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.003

Percentile

69.2%

JSON

Related for NVD:CVE-2004-2388

cvelist1 cve1