Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2388

Description

rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.

Affected products

IBM/Aix2 versions
cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*
- (no CPE)range: = 4.3.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/11085nvdPatchVendor Advisory
www.osvdb.org/4248nvdPatch
www.securityfocus.com/bid/9835nvdPatch
www.ciac.org/ciac/bulletins/o-102.shtmlnvdExploitVendor Advisory
www-1.ibm.com/support/docview.wssnvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/15455nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000