CVE Vulnerabilities

CVE-2004-1028

Published: Jan 10, 2005 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious grep program, which is executed from chcod.

Affected Software

Name Vendor Start Version End Version
Aix Ibm 5.1 5.1
Aix Ibm 5.1l 5.1l
Aix Ibm 5.2 5.2
Aix Ibm 5.2.2 5.2.2
Aix Ibm 5.2_l 5.2_l
Aix Ibm 5.3 5.3
Aix Ibm 5.3_l 5.3_l

References