The included console command bos.rte.serv_aid contains a flaw that allows malicious local users to overwrite aritrary files. This issue is due to the program creating temporary files insecurely, allowing for symlink attacks.
Classification
Location:
Local Access Required
Attack Type:
Denial of Service,
Race Condition
Impact:
Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
Solution
Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.
This product uses the Daylife API but is not endorsed or certified by Daylife.
This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.