Vulnerabilities > CVE-2002-1594 - Local Security vulnerability in Grpck
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 |
References
- http://marc.info/?l=vuln-dev&m=100999352406822&w=2
- http://marc.info/?l=vulnwatch&m=100998205010794&w=2
- http://publib.boulder.ibm.com/infocenter/pseries/topic/com.ibm.aix.doc/cmds/aixcmds2/grpck.htm
- http://www.kb.cert.org/vuls/id/121891
- http://www.kb.cert.org/vuls/id/877811
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7857
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7859