VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-1330

CVE-2004-1330

Description

Buffer overflow in AIX paginit allows local users to gain root privileges via a long username argument.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Buffer overflow in AIX paginit allows local users to gain root privileges via a long username argument.

Vulnerability

A buffer overflow exists in the setuid root binary /usr/bin/paginit on AIX versions 5.1, 5.2, and 5.3. The program does not perform bounds checking on the first command-line argument, which is intended to be a username. This allows a local attacker to trigger a stack-based buffer overflow by supplying an overly long username [1].

Exploitation

An attacker with local access to the system can exploit this vulnerability by executing paginit with a crafted long username as the argument. The overflow overwrites the stack, allowing the attacker to inject and execute arbitrary code with root privileges. No additional authentication or user interaction is required beyond running the binary [1].

Impact

Successful exploitation grants the attacker a root shell, leading to full compromise of the system. The attacker can execute arbitrary commands, install malware, or exfiltrate data [1].

Mitigation

IBM has released official patches for this vulnerability: IY64358 for AIX 5.1, IY64522 for AIX 5.2, and IY64312 for AIX 5.3 [1]. Administrators should apply these patches as soon as possible. No workarounds are documented in the available references.

References
  1. 'AIX 5.1/5.2/5.3 local root exploits'

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • IBM/Aix6 versions
    cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:5.2.2:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:5.2_l:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
    • cpe:2.3:o:ibm:aix:5.3_l:*:*:*:*:*:*:*
    • (no CPE)range: 5.1 - 5.3

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

7

News mentions

0

No linked articles in our index yet.