Description
Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.
Product(s):
- IBM AIX 5.1
- IBM AIX 5.1L
- IBM AIX 5.2.2
- IBM AIX 5.2
- IBM AIX 5.2 L
- IBM AIX 5.3
- IBM AIX 5.3 sp6
- IBM AIX 5.3 L
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1028, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1028 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.