CVE-2004-2634
https://notcve.org/view.php?id=CVE-2004-2634
The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors. • http://secunia.com/advisories/11496 http://securitytracker.com/id?1009975 http://www-1.ibm.com/support/search.wss?rs=0&q=IY55789&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY55790&apar=only http://www.osvdb.org/5711 http://www.osvdb.org/5712 http://www.securityfocus.com/bid/10231 https://exchange.xforce.ibmcloud.com/vulnerabilities/16008 https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=18&ID=279 •
CVE-2004-2697 – AIX 4.3.3/5.1 - Invscoutd Symbolic Link
https://notcve.org/view.php?id=CVE-2004-2697
The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002. • https://www.exploit-db.com/exploits/23883 http://secunia.com/advisories/11200 http://www.osvdb.org/4582 http://www.securiteam.com/exploits/5CP0F0UDFG.html http://www.securityfocus.com/bid/9982 http://www.xfocus.org/exploits/200403/31.html https://exchange.xforce.ibmcloud.com/vulnerabilities/15620 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2004-2388
https://notcve.org/view.php?id=CVE-2004-2388
rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user. • http://secunia.com/advisories/11085 http://www-1.ibm.com/support/docview.wss?uid=isg1IY53507 http://www.ciac.org/ciac/bulletins/o-102.shtml http://www.osvdb.org/4248 http://www.securityfocus.com/bid/9835 https://exchange.xforce.ibmcloud.com/vulnerabilities/15455 •
CVE-2004-2312 – GNU Make For IBM AIX 4.3.3 - CC Path Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-2312
Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument. • https://www.exploit-db.com/exploits/23838 http://archives.neohapsis.com/archives/fulldisclosure/2004-03/0997.html http://archives.neohapsis.com/archives/fulldisclosure/2004-03/1124.html http://secunia.com/advisories/11158 http://www.osvdb.org/4391 http://www.securityfocus.com/bid/9903 https://exchange.xforce.ibmcloud.com/vulnerabilities/15554 •
CVE-2004-1028
https://notcve.org/view.php?id=CVE-2004-1028
Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod. Vulnerabilidad de camino de ejecución no de confianza en chcod de AIX IBM 5.1.0, 5.2.0 y 5.3.0 permite a usuarios locales ejecutar programas arbitrarios modificando la variable de entorno PATH para apuntar a una programa "grep" malicioso, que es ejecutado desde chcod. • http://www-1.ibm.com/support/search.wss?rs=0&q=IY64354&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY64355&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY64356&apar=only http://www.idefense.com/application/poi/display?id=170&type=vulnerabilities https://exchange.xforce.ibmcloud.com/vulnerabilities/18625 •