What is the severity of CVE-2002-1594?

CVE-2002-1594 is classified as a high severity vulnerability due to its potential to allow local users to gain elevated privileges.

How do I fix CVE-2002-1594?

To fix CVE-2002-1594, remove the setuid permission on grpck and pwck or apply available patches provided by the vendor.

What software is affected by CVE-2002-1594?

CVE-2002-1594 affects the grpck and pwck utilities, particularly when they are installed with setuid permissions.

Can CVE-2002-1594 be exploited remotely?

CVE-2002-1594 cannot be exploited remotely as it requires local access to the system to take advantage of the buffer overflow.

Is there a workaround for CVE-2002-1594?

A potential workaround for CVE-2002-1594 is to restrict local user access to the vulnerable utilities until a formal fix is applied.

Vulnerability/
CVE-2002-1594

high

7.2

CWE

NVD-CWE-Other 119

2/1/2002

13/3/2005

8/8/2024

CVE-2002-1594: Buffer Overflow

First published: Wed Jan 02 2002(Updated: )

Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
gRPC
Pwck Pwck

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2002-1594?
CVE-2002-1594 is classified as a high severity vulnerability due to its potential to allow local users to gain elevated privileges.
How do I fix CVE-2002-1594?
To fix CVE-2002-1594, remove the setuid permission on grpck and pwck or apply available patches provided by the vendor.
What software is affected by CVE-2002-1594?
CVE-2002-1594 affects the grpck and pwck utilities, particularly when they are installed with setuid permissions.
Can CVE-2002-1594 be exploited remotely?
CVE-2002-1594 cannot be exploited remotely as it requires local access to the system to take advantage of the buffer overflow.
Is there a workaround for CVE-2002-1594?
A potential workaround for CVE-2002-1594 is to restrict local user access to the vulnerable utilities until a formal fix is applied.

agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/references
agent/author
agent/severity
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/grpck
canonical/grpc
vendor/pwck
canonical/pwck pwck

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2002-1594?
CVE-2002-1594 is classified as a high severity vulnerability due to its potential to allow local users to gain elevated privileges.
How do I fix CVE-2002-1594?
To fix CVE-2002-1594, remove the setuid permission on grpck and pwck or apply available patches provided by the vendor.
What software is affected by CVE-2002-1594?
CVE-2002-1594 affects the grpck and pwck utilities, particularly when they are installed with setuid permissions.
Can CVE-2002-1594 be exploited remotely?
CVE-2002-1594 cannot be exploited remotely as it requires local access to the system to take advantage of the buffer overflow.
Is there a workaround for CVE-2002-1594?
A potential workaround for CVE-2002-1594 is to restrict local user access to the vulnerable utilities until a formal fix is applied.