Vulnerabilities > CVE-2004-1028 - Unspecified vulnerability in IBM AIX

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

ibm

NVD

Published: 2005-01-10

Updated: 2017-07-11

Summary

Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.

Vulnerable Configurations

Part	Description	Count
OS	Ibm IBM AIX 5.1 IBM AIX 5.1L IBM AIX 5.2 IBM AIX 5.2.2 IBM AIX 5.2_L IBM AIX 5.3 IBM AIX 5.3_L	7

References

http://www.idefense.com/application/poi/display?id=170&type=vulnerabilities
http://www-1.ibm.com/support/search.wss?rs=0&q=IY64354&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY64355&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY64356&apar=only
https://exchange.xforce.ibmcloud.com/vulnerabilities/18625