OSVDB ID: 5711

Title: IBM AIX bos.rte.console Symlink Arbitrary File Overwrite

Info

Dates

Disclosure: Apr 22, 2004
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

IBM AIX contains a flaw that may allow privilege escalation. The issue is triggered when a local attacker creates a symbolic link that the AIX console commands, included in the bos.rte.console and bos.rte.serv_aid filesets, then follow. The flaw may allow arbitrary file overwriting, resulting in a loss of integrity and/or availability.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Rumored
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.

Products

International Business Machines Corporation

AIX

5.1
5.2

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/36218