Vulnerability Note VU#209363

IBM AIX vulnerable to buffer overflow in RCP

Original Release date: 16 Sep 2002 | Last revised: 16 Sep 2002


IBM AIX contains a buffer-overflow vulnerability that may allow remote attackers to gain root privileges.


Some versions of IBM AIX used unbounded string operators. This problem was corrected in AIXV4 by changing the unbounded operators to their bounded equivalents.
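The change described above, from unbounded string operations to bounded ones, shown in C as an added example. This is not IBM's code and the note does not identify the affected routine; the function names, buffer size and inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 16 /* constructed size, small so the limit is easy to hit */

/* Before: unbounded. Nothing stops the writes at the end of dst, so a
 * long dir or file overruns the buffer. */
static void join_unbounded(char *dst, const char *dir, const char *file)
{
    strcpy(dst, dir);
    strcat(dst, "/");
    strcat(dst, file);
}

/* After: bounded. snprintf never writes more than dstlen bytes and
 * returns the length it needed, so truncation is detectable.
 * Returns 0 on success, -1 (with dst emptied) if the result does not fit. */
static int join_bounded(char *dst, size_t dstlen, const char *dir, const char *file)
{
    int n = snprintf(dst, dstlen, "%s/%s", dir, file);
    if (n < 0 || (size_t)n >= dstlen) {
        if (dstlen > 0)
            dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* strncpy is bounded but does not NUL-terminate when src fills the
 * buffer; terminate explicitly and report truncation to the caller. */
static int copy_bounded(char *dst, size_t dstlen, const char *src)
{
    if (dstlen == 0)
        return -1;
    strncpy(dst, src, dstlen - 1);
    dst[dstlen - 1] = '\0';
    return strlen(src) >= dstlen ? -1 : 0;
}

int main(void)
{
    char buf[PATH_BUF];
    join_unbounded(buf, "tmp", "a.txt"); /* fits only because the input is short */
    printf("%s\n", buf);
    printf("%d\n", join_bounded(buf, sizeof buf, "tmp", "abcdefghijkl"));
    printf("%d '%s'\n", copy_bounded(buf, sizeof buf, "0123456789abcdef"), buf);
    return 0;
}
```

Swapping in a bounded call is only half the fix: the caller also has to treat truncation as an error rather than continue with a shortened string.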


Remote attackers may be able to gain root privileges.


Apply a patch from your vendor

See the Vendor Status section for more information.

Systems Affected

Vendor   Status     Date Notified   Date Updated
IBM      Affected   22 Apr 2002     07 Jun 2002
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



Thanks to IBM for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

  • CVE IDs: Unknown
  • Date Public: 28 Mar 2002
  • Date First Published: 16 Sep 2002
  • Date Last Updated: 16 Sep 2002
  • Severity Metric: 14.96
  • Document Revision: 4


If you have feedback, comments, or additional information about this vulnerability, please send us email.