Vulnerabilities > CVE-2004-2388 - Privilege Escalation vulnerability in IBM AIX 4.3.3

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

ibm

critical

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.

Vulnerable Configurations

Part	Description	Count
OS	Ibm IBM AIX 4.3.3	1

References

http://secunia.com/advisories/11085
http://www.ciac.org/ciac/bulletins/o-102.shtml
http://www.osvdb.org/4248
http://www.securityfocus.com/bid/9835
http://www-1.ibm.com/support/docview.wss?uid=isg1IY53507
https://exchange.xforce.ibmcloud.com/vulnerabilities/15455