CVE-2004-1028

Properties

Published:
09.01.2005
Updated:
20.10.2005
Patch available:
Severity:
High
CVSS vector:
(AV:L/AC:L/Au:NR/C:C/I:C/A:C/B:N) Approximated
Product:
IBM: AIX
IBM: AIX
IBM: AIX
IBM: AIX
IBM: AIX
IBM: AIX
IBM: AIX

Vulnerability description

Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious"grep" program, which is executed from chcod.

References:

Security Focus: http://www.securityfocus.com/bid/12060
iDefense: http://www.idefense.com/application/poi/display?id=170&type=vulnerabilities
IDEFENSE: http://www.idefense.com/application/poi/display?id=170&type=vulnerabilities
AIXAPAR: http://www-1.ibm.com/support/search.wss?rs=0&q=IY64355&apar=only
AIXAPAR: http://www-1.ibm.com/support/search.wss?rs=0&q=IY64354&apar=only
AIXAPAR: http://www-1.ibm.com/support/search.wss?rs=0&q=IY64356&apar=only
XF: http://xforce.iss.net/xforce/xfdb/18625