Vulnerability Description
rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Aix | 4.3.3 |
References
- http://secunia.com/advisories/11085PatchVendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY53507Vendor Advisory
- http://www.ciac.org/ciac/bulletins/o-102.shtmlExploitVendor Advisory
- http://www.osvdb.org/4248Patch
- http://www.securityfocus.com/bid/9835Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15455
- http://secunia.com/advisories/11085PatchVendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY53507Vendor Advisory
- http://www.ciac.org/ciac/bulletins/o-102.shtmlExploitVendor Advisory
- http://www.osvdb.org/4248Patch
- http://www.securityfocus.com/bid/9835Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15455
FAQ
What is CVE-2004-2388?
CVE-2004-2388 is a vulnerability with a CVSS score of 10.0 (HIGH). rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges t...
How severe is CVE-2004-2388?
CVE-2004-2388 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2388?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Aix.