CVE-2002-1689 - Unspecified vulnerability in IBM AIX 3.2.5

Summary

Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow.

Risk level (CVSS 10.0)

Critical

10.0

Access Vector

Network
Adjacent Network
Local

Access Complexity

Low
Medium
High

Authentication

None
Single
Multiple

Confident. Impact

Complete
Partial
None

Integrity Impact

Complete
Partial
None

Affected Products

IBM AIX 3.2.5

External references

http://archives.neohapsis.com/archives/aix/2002-q1/0005.html

Related CVE

Date	CVE	Title	CVSS
2002-12-31	CVE-2002-1622	Unspecified vulnerability in IBM AIX 4.3	7.5
2002-12-31	CVE-2002-1690	Unspecified vulnerability in IBM AIX 3.2.5	10.0
2002-12-31	CVE-2002-1686	Unspecified vulnerability in IBM AIX	10.0
2002-12-31	CVE-2002-1687	Unspecified vulnerability in IBM AIX	2.1