Vulnerability Details CVE-2004-2388
rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.2%
CVSS Severity
CVSS v2 Score 10.0
References
- http://secunia.com/advisories/11085
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY53507
- http://www.ciac.org/ciac/bulletins/o-102.shtml
- http://www.osvdb.org/4248
- http://www.securityfocus.com/bid/9835
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15455
- http://secunia.com/advisories/11085
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY53507
- http://www.ciac.org/ciac/bulletins/o-102.shtml
- http://www.osvdb.org/4248
- http://www.securityfocus.com/bid/9835
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15455