Critical

CVE-2002-1689 - Unspecified vulnerability in IBM AIX 3.2.5

Publication: 2002-12-31

Summary

Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow.

Risk level (CVSS 10)

Critical

10.0

Access Vector

Network
Adjacent Network
Local

Access Complexity

Low
Medium
High

Authentication

None
Single
Multiple

Confident. Impact

Complete
Partial
None

Integrity Impact

Complete
Partial
None

Affected Products

IBM AIX 3.2.5

References

http://archives.neohapsis.com/archives/aix/2002-q1/0005.html