CVE Details for CVE: CVE-2002-1594
Summary
Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.
| Timestamps | |
|---|---|
| Last major update | 11-07-2017 - 01:29 |
| Published | 02-01-2002 - 05:00 |
| Last modified | 11-07-2017 - 01:29 |
References
- http://publib.boulder.ibm.com/infocenter/pseries/topic/com.ibm.aix.doc/cmds/aixcmds2/grpck.htm
- http://www.kb.cert.org/vuls/id/121891
- http://www.kb.cert.org/vuls/id/877811
- http://marc.info/?l=vuln-dev&m=100999352406822&w=2
- http://marc.info/?l=vulnwatch&m=100998205010794&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7859
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7857
CWE
CVSS
Base
7.2
Impact
10.0
Exploitability
3.9
Access
| Vector | Complexity | Authentication |
|---|---|---|
| LOCAL | LOW | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| COMPLETE | COMPLETE | COMPLETE |
CVSS3
None
VIA4 references
cvss-vector
via4
refmap
via4
| cert-vn | |
| misc | http://publib.boulder.ibm.com/infocenter/pseries/topic/com.ibm.aix.doc/cmds/aixcmds2/grpck.htm |
| vuln-dev | 20020102 Re: [VulnWatch] blackshell3: multiple pwck/grpck vulnerabilities |
| vulnwatch | 20020102 blackshell3: multiple pwck/grpck vulnerabilities |
| xf |