2 matches found
AIX 6.1 TL 1 : swcons (IZ28943)
A file permission/ownership vulnerability exists in the 'bos.rte.console' fileset command listed below whereby a local attacker may create arbitrary contents within a file owned by root using the 'swcons' command. The local attacker must be a member of the 'system' group (gid=0) to execute this...
/bin/ls with gid=0 in Debian linux-ftpd
Mea culpa. A stupid little bug crept into linux-ftpd for Debian, and some other Linux distros. Some may have fixed it, but Debian hasn't. The effect is that ftpd now runs /bin/ls for DIR and similar commands with GID=0. Does not seem terribly dangerous as I do not seem able to trick ls into runni...