IBM dump_smutil.sh Insecure Temporary File Creation Vulnerability
2004-09-09 14:55:01 Marketing Dept

Vulnerability Name: IBM dump_smutil.sh Insecure Temporary File Creation Vulnerability

Published Date: 2002-09-26
Updated Date: 2004-08-23
CVE Number: CAN-2002-1550
Bugtraq ID: 8802
Vulnerable:
IBM AIX 4.3.3
IBM AIX 5.1
Not Vulnerable:

Description:
IBM has reported that the AIX dump_smutil.sh utility may be prone to symlink attacks due to insecure temporary file creation. The precise details of this issue are currently unknown; however, it is likely that during a specific operation the affected utility places a file in a world-accessible directory using a predictable name. As a result, an attacker may be able to overwrite an arbitrary system file with the privileges of the utility.
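
The bug class described above, shown as an added example that is not IBM's code (the advisory gives no details of the script's internals): a writer using a predictable name follows a pre-planted symlink, while noclobber and mktemp(1) leave the link's target untouched. The `smutil.*` file names, the function names and the scratch directory are constructed for illustration, and a system providing mktemp(1) is assumed.

```shell
#!/bin/sh
# Added illustration of the bug class; not code from dump_smutil.sh.
# File names (smutil.*) and the scratch layout are constructed.

# Weak: predictable name in a shared directory. '>' follows a symlink
# that is already there and truncates whatever it points to.
write_predictable() {
    echo "dump data" > "$1/smutil.$2"
}

# Better: noclobber (set -C) makes '>' fail when the path already
# resolves to an existing regular file; umask keeps the file private.
write_noclobber() {
    ( umask 077; set -C; echo "dump data" > "$1/smutil.$2" ) 2>/dev/null
}

# Preferred: mktemp chooses an unpredictable name and creates the file
# exclusively with mode 0600, so a pre-planted link cannot match it.
write_mktemp() {
    f=$(mktemp "$1/smutil.XXXXXX") || return 1
    echo "dump data" > "$f" && printf '%s\n' "$f"
}

# Plant a symlink at the predictable name, run one writer, and report
# whether the file behind the link survived. $1 = writer function name.
check_writer() {
    scratch=$(mktemp -d) || return 2
    mkdir "$scratch/tmp"
    echo "important" > "$scratch/victim"
    ln -s "$scratch/victim" "$scratch/tmp/smutil.1234"
    "$1" "$scratch/tmp" 1234 >/dev/null 2>&1 || true
    if [ "$(cat "$scratch/victim")" = "important" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$scratch"
    echo "$result"
}

for w in write_predictable write_noclobber write_mktemp; do
    echo "$w: $(check_writer "$w")"
done
```

Noclobber only protects paths that resolve to an existing regular file, which is why exclusive creation under an unpredictable name is the stronger of the two hardened forms.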

Vendor Status: Patches available.
Solution:
IBM AIX 4.3.3:
IBM APAR IY34617
http://www-1.ibm.com/support/docview.wss?uid=isg1IY34617
IBM AIX 5.1:
IBM APAR IY33055
http://techsupport.services.ibm.com/server/aix.fixdist?whichFix=APAR&fixes=IY33055


Editor: Marketing Dept

®2004 Information Security One (China) Ltd. All rights reserved