CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM » AIX : Security Vulnerabilities Published In 2002

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-1690 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225.
2 CVE-2002-1689 Overflow 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow.
3 CVE-2002-1687 Overflow 2002-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable.
4 CVE-2002-1686 Overflow 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in lscfg of unknown versions of AIX has unknown impact.
5 CVE-2002-1622 Exec Code Overflow 2002-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attackers to execute arbitrary code, related to a "variable data type."
6 CVE-2002-1621 Exec Code Overflow 2002-04-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code.
7 CVE-2002-1619 DoS Overflow 2002-03-08 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump).
8 CVE-2002-1201 DoS 2002-10-28 2008-09-10
5.0
None Remote Low Not required None None Partial
IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers.
9 CVE-2002-1041 2002-10-04 2008-09-05
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in DCE (1) SMIT panels and (2) configuration commands, possibly related to relative pathnames.
10 CVE-2002-1040 2002-10-04 2008-09-05
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames.
11 CVE-2002-0790 +Priv 2002-08-12 2008-09-10
2.1
None Local Low Not required Partial None None
clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.
12 CVE-2002-0747 Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in lsmcode in AIX 4.3.3.
13 CVE-2002-0746 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument.
14 CVE-2002-0745 Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in uucp in AIX 4.3.3.
15 CVE-2002-0744 Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.
16 CVE-2002-0743 Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow.
17 CVE-2002-0742 Overflow 2002-08-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in pioout on AIX 4.3.3.
18 CVE-2002-0679 Exec Code Overflow 2002-09-05 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
19 CVE-2002-0678 2002-07-23 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
20 CVE-2002-0677 +Priv 2002-07-23 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.
21 CVE-2001-1079 DoS 2002-02-13 2008-09-05
3.6
None Local Low Not required None Partial Partial
create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service.
Total number of vulnerabilities : 21   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.