Vulnerability Database

310,057

Total vulnerabilities in the database

CVE-2004-1028

Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.

Published: Jan 10, 2005
Updated: Nov 9, 2025
CVE: CVE-2004-1028
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ibm / aix	5.3_l	5.3_l.x
ibm / aix	5.3	5.3.x
ibm / aix	5.2	5.2.x
ibm / aix	5.2_l	5.2_l.x
ibm / aix	5.2.2	5.2.2.x
ibm / aix	5.1l	5.1l.x
ibm / aix	5.1	5.1.x

http://www-1.ibm.com/support/search.wss?rs=0&q=IY64354&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY64355&apar=only
http://www-1.ibm.com/support/search.wss?rs=0&q=IY64356&apar=only
http://www.idefense.com/application/poi/display?id=170&type=vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/18625

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo