NVD

Id
71428  
Name
CVE-2004-1028  
Description
Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.  
Reject
 
CVSS Version
2  
CVSS Score
7.2  
Severity
High  
CVSS Base Score
7.2  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-07-18  
Published
2005-01-10  
Modified Date
2017-07-10  
Seq
2004-1028  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
369323 71428 CVE-2004-1028 IY64354  View
369324 71428 CVE-2004-1028 IY64355  View
369325 71428 CVE-2004-1028 IY64356  View
369326 71428 CVE-2004-1028 20041220 IBM AIX chcod Local Privilege Escalation Vulnerability  View
369327 71428 CVE-2004-1028 aix-chcod-gain-privileges(18625)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
63223 JVNDB-2004-000565 IBM AIX の chcod コマンドにおける任意のコードを実行される脆弱性 IBM AIX に実装されている chcod コマンドには、PATH 環境変数の取り扱いに不備が存在するため、任意のコードを実行される脆弱性が存在します。 CVE-2004-1028 9455 CVE-2004-1028 71428 7.2 http://jvndb.jvn.jp/ja/contents/2004/JVNDB-2004-000565.html 2004-12-20 2007-04-01 View