LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Aix | Ibm | 5.2 (including) | 5.2 (including) |
| Aix | Ibm | 5.3 (including) | 5.3 (including) |
References
- http://secunia.com/advisories/17202
- http://securitytracker.com/id?1015061
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY77624
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY77638
- http://www.securityfocus.com/bid/15105
- http://secunia.com/advisories/17202
- http://securitytracker.com/id?1015061
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY77624
- http://www-1.ibm.com/support/docview.wss?uid=isg1IY77638
- http://www.securityfocus.com/bid/15105