CVE-2003-0784
First published: Tue Sep 23 2003(Updated: )
Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM AIX | =5.2 | |
| IBM AIX | =4.3.3 | |
| IBM AIX | =5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2003-0784?
CVE-2003-0784 is considered critical due to the potential for remote attackers to gain root privileges.
How do I fix CVE-2003-0784?
To mitigate CVE-2003-0784, users should apply the latest patches provided by IBM for their AIX versions.
What systems are affected by CVE-2003-0784?
CVE-2003-0784 affects IBM AIX versions 4.3.3, 5.1, and 5.2.
Can local users exploit CVE-2003-0784?
Yes, local users can exploit CVE-2003-0784 to gain elevated privileges through specific username formats.
Is there a workaround for CVE-2003-0784 if I cannot apply the patch?
A temporary workaround for CVE-2003-0784 includes restricting user access and ensuring no usernames with format specifiers are created.
- agent/type
- agent/softwarecombine
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ibm
- canonical/ibm aix
- version/ibm aix/5.2
- version/ibm aix/4.3.3
- version/ibm aix/5.1