AIX eNetwork Firewall Insecure Temporary File Creation

1999-05-25T00:00:00
ID OSVDB:962
Type osvdb
Reporter Paul Cammidge (paul@PCCC.CO.ZA)
Modified 1999-05-25T00:00:00

Description

Vulnerability Description

AIX eNetwork Firewall contains a flaw that may allow a local user to overwrite or append to arbitrary files. The issue is due to a number of scripts that create files in the /tmp directory insecurely. If an attacker creates a symlink in /tmp before the scripts are run, the scripts write through it, and the attacker can overwrite or append data to any file on the system.
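
The weak pattern described above beside a hardened form, as an added example that is not code from the advisory or from the eNetwork Firewall scripts. The function names and file names are hypothetical, the availability of mktemp(1) is an assumption, and the check runs in a throwaway sandbox directory.

```shell
#!/bin/sh
# Added illustration: names are hypothetical, not the product's own.

# Weak: predictable name in a shared directory. The redirection follows
# whatever already exists at that path, including a symlink.
write_report_weak() {
    dir=$1; data=$2
    echo "$data" > "$dir/fwreport.tmp"
}

# Hardened: private directory with an unpredictable name, created
# atomically by mktemp (mode 0700); the file inside is created with
# noclobber so an existing path is never written through.
write_report_safe() {
    dir=$1; data=$2
    work=$(mktemp -d "$dir/fwreport.XXXXXX") || return 1
    ( set -C; echo "$data" > "$work/report" ) || { rm -rf "$work"; return 1; }
    echo "$work/report"
}

# Constructed check: a symlink already sits at the predictable name and
# points at a file that must not change. Returns 0 if the file is intact.
target_survives() {
    variant=$1
    box=$(mktemp -d) || return 2
    echo "original" > "$box/protected"
    ln -s "$box/protected" "$box/fwreport.tmp"
    "$variant" "$box" "scratch data" > /dev/null
    result=$(cat "$box/protected")
    rm -rf "$box"
    [ "$result" = "original" ]
}

for v in write_report_weak write_report_safe; do
    if target_survives "$v"; then
        echo "$v: protected file intact"
    else
        echo "$v: protected file was overwritten"
    fi
done
```
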

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.


References:

Vendor URL: http://www.software.ibm.com/security/firewall/
Mail List Post: http://cert.uni-stuttgart.de/archive/bugtraq/1999/05/msg00225.html
Keyword: APAR IR39562
ISS X-Force ID: 2249
CVE-1999-0803
Bugtraq ID: 287