OSVDB ID: 5712

Title: IBM AIX bos.rte.serv_aid Commands Insecure File Creation

Info

Dates

Disclosure: Apr 22, 2004
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

The included console command bos.rte.serv_aid contains a flaw that allows malicious local users to overwrite arbitrary files. This issue is due to the program creating temporary files insecurely, allowing for symlink attacks.

Classification

Location: Local Access Required
Attack Type: Denial of Service, Race Condition
Impact: Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released a patch to address this vulnerability.

Products

International Business Machines Corporation

AIX

5.1
5.2

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/36218