AIX dump_smutil.sh Symlink Privilege Escalation

2002-09-26T00:00:00
ID OSVDB:7998
Type osvdb
Reporter OSVDB
Modified 2002-09-26T00:00:00

Description

Vulnerability Description

IBM AIX contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when the shell script dump_smutil.sh uses a file in /tmp, which can be a symbolic link pointing to critical system files. The flaw may allow any file to be overwritten, resulting in a loss of integrity.

Solution Description

Upgrade to version 4.3.3 (APAR IY34617), 5.1.0 (APAR IY33055), or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?uid=isg1IY33055

Vendor Specific Solution URL: http://www-1.ibm.com/support/docview.wss?uid=isg1IY34617

Vendor Specific Advisory URL Mail List Post: http://archives.neohapsis.com/archives/aix/2002-q4/0002.html

ISS X-Force ID: 13476

CVE-2002-1550

Bugtraq ID: 8802