Aix@4.3.3 Security Vulnerabilities and Issues — Aix@4.3.3 CVE List

Lucene search

IbmAix4.3.3

37 matches found

CVE•added 2002/03/09 5:0 a.m.•6366 views

CVE-2001-0554

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

10CVSS7.4AI score0.27436EPSS

CVE•added 2001/05/07 4:0 a.m.•747 views

CVE-2000-1124

Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.

7.2CVSS7.1AI score0.00126EPSS

CVE•added 2002/06/25 4:0 a.m.•153 views

CVE-2001-0797

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

10CVSS7.4AI score0.88625EPSS

CVE•added 2003/10/06 4:0 a.m.•92 views

CVE-2003-0694

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

10CVSS7.7AI score0.7608EPSS

CVE•added 2003/03/25 5:0 a.m.•89 views

CVE-2003-0028

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a differ...

7.5CVSS9.8AI score0.56051EPSS

CVE•added 2003/10/06 4:0 a.m.•72 views

CVE-2003-0681

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

7.5CVSS6.8AI score0.12435EPSS

CVE•added 2002/07/23 4:0 a.m.•68 views

CVE-2002-0677

CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.

7.5CVSS6.8AI score0.19026EPSS

CVE•added 2003/04/02 5:0 a.m.•61 views

CVE-2002-0678

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

7.2CVSS6.2AI score0.0043EPSS

CVE•added 2001/05/07 4:0 a.m.•59 views

CVE-2000-1119

Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.

4.6CVSS7.3AI score0.00126EPSS

CVE•added 2004/05/04 4:0 a.m.•57 views

CVE-2004-0368

Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.

10CVSS7.3AI score0.54074EPSS

CVE•added 2002/08/12 4:0 a.m.•56 views

CVE-2002-0743

mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow.

10CVSS7.2AI score0.00609EPSS

CVE•added 2004/09/01 4:0 a.m.•53 views

CVE-2003-0064

The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary...

7.5CVSS7.2AI score0.00871EPSS

CVE•added 2001/01/22 5:0 a.m.•51 views

CVE-2000-1120

Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.

7.2CVSS7.2AI score0.00209EPSS

CVE•added 2003/04/02 5:0 a.m.•50 views

CVE-2002-0679

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.

10CVSS7.9AI score0.70866EPSS

CVE•added 2005/04/14 4:0 a.m.•49 views

CVE-2003-0954

Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges.

7.2CVSS7.3AI score0.00075EPSS

CVE•added 2010/05/20 5:30 p.m.•49 views

CVE-2010-1039

Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request con...

10CVSS7.4AI score0.26547EPSS

CVE•added 2004/04/15 4:0 a.m.•47 views

CVE-2003-0257

Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges.

7.2CVSS6.8AI score0.00049EPSS

CVE•added 2004/03/29 5:0 a.m.•46 views

CVE-2003-1018

Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors.

7.2CVSS6.6AI score0.00053EPSS

CVE•added 2002/03/09 5:0 a.m.•44 views

CVE-2001-0998

IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd.

5CVSS6.8AI score0.00521EPSS

CVE•added 2001/05/07 4:0 a.m.•43 views

CVE-2000-1122

Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.

7.2CVSS7.3AI score0.00044EPSS

CVE•added 2004/08/06 4:0 a.m.•43 views

CVE-2004-0544

Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands.

7.2CVSS6.8AI score0.00701EPSS

CVE•added 2003/10/06 4:0 a.m.•42 views

CVE-2003-0784

Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers.

10CVSS7.2AI score0.01195EPSS

CVE•added 2001/05/07 4:0 a.m.•40 views

CVE-2000-1121

Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument.

7.2CVSS7.3AI score0.0009EPSS

CVE•added 2002/10/28 5:0 a.m.•40 views

CVE-2002-1201

IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers.

5CVSS6.5AI score0.0133EPSS

CVE•added 2005/08/16 4:0 a.m.•40 views

CVE-2004-2312

Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument.

7.2CVSS7AI score0.00317EPSS

CVE•added 2001/05/07 4:0 a.m.•38 views

CVE-2000-1123

Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.

7.2CVSS7.6AI score0.00044EPSS

CVE•added 2002/08/12 4:0 a.m.•37 views

CVE-2002-0746

Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument.

10CVSS6.5AI score0.00564EPSS

CVE•added 2005/03/26 5:0 a.m.•37 views

CVE-2002-1621

Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code.

10CVSS7.9AI score0.19529EPSS

CVE•added 2002/08/12 4:0 a.m.•36 views

CVE-2002-0744

namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.

10CVSS7.3AI score0.00609EPSS

CVE•added 2005/03/26 5:0 a.m.•36 views

CVE-2002-1619

Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump).

5CVSS7.1AI score0.01413EPSS

CVE•added 2007/10/06 9:0 p.m.•36 views

CVE-2004-2697

The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002.

6.9CVSS7.1AI score0.00698EPSS

CVE•added 2002/08/12 4:0 a.m.•35 views

CVE-2002-0742

Buffer overflow in pioout on AIX 4.3.3.

10CVSS7.3AI score0.00609EPSS

CVE•added 2002/08/12 4:0 a.m.•35 views

CVE-2002-0747

Buffer overflow in lsmcode in AIX 4.3.3.

10CVSS7.3AI score0.10937EPSS

CVE•added 2004/09/01 4:0 a.m.•35 views

CVE-2002-1468

Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.

10CVSS7.9AI score0.10655EPSS

CVE•added 2004/02/03 5:0 a.m.•35 views

CVE-2003-0119

The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities.

7.5CVSS6.7AI score0.01093EPSS

CVE•added 2005/08/16 4:0 a.m.•33 views

CVE-2004-2388

rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.

10CVSS6.8AI score0.01008EPSS

CVE•added 2002/08/12 4:0 a.m.•32 views

CVE-2002-0745

Buffer overflow in uucp in AIX 4.3.3.

10CVSS7.3AI score0.00609EPSS