5711 : IBM AIX bos.rte.console Symlink Arbitrary File Overwrite
Printer | http://osvdb.org/5711 | Email This | Edit Vulnerability

Views This Week

Views All Time

131

Info

Last Modified

about 1 year ago

Percent Complete

90%

Disclosure

Apr 22, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Keywords

No Keywords

Description

IBM AIX contains a flaw that may allow a privilege escalation. The issue is triggered when a local attacker creates a symbolic link for AIX console commands, included in the bos.rte.console and bos.rte.serv_aid filesets, to follow. It is possible that the flaw may allow arbitrary file overwriting, resulting in a loss of integrity, and/or availability.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Rumored / Private
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.

Products

International Business Machines Corporation	AIX	5.1
		5.2

References

Bugtraq ID: 10231
Secunia Advisory ID: 11496
ISS X-Force ID: 16008
CVE ID: 2004-2634 (see also: NVD)
Related OSVDB ID: 5712
Vendor Specific Advisory URL: http://www.securityfocus.com/advisories/6632
Other Advisory URL: https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=18&ID=2 ......

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Keywords

Description

Classification

Solution

Products

International Business Machines Corporation

AIX

References

Credit

Blogs

Comments