BID:1241

AIX Filesystem Vulnerability

Info

AIX Filesystem Vulnerability

Bugtraq ID:	1241
Class:	Access Validation Error
CVE:
Remote:	Yes
Local:	Yes
Published:	May 24 2000 12:00AM
Updated:	May 24 2000 12:00AM
Credit:	IBM released an advisory on this issue May 24, 2000 to the Bugtraq mailing list.
Vulnerable:	IBM AIX 4.3.2 IBM AIX 4.3.1 IBM AIX 4.3 IBM AIX 4.2.1 IBM AIX 4.2 IBM AIX 4.1.5 IBM AIX 4.1.4 IBM AIX 4.1.3 IBM AIX 4.1.2 IBM AIX 4.1.1 IBM AIX 4.1 IBM AIX 3.2.5 IBM AIX 3.2.4 IBM AIX 3.2

Not Vulnerable:

Discussion

AIX Filesystem Vulnerability

A sparsely worded advisory was released by IBM on May 24, 2000 announcing a filesystem vulnerability in multiple versions of AIX. While the advisory is purposefully ambiguous as to the exact nature of this problem it states the problem has the effect of unauthorized file access. It states that both remote users via NFS mounts and local users may under some conditions gain read/write access to files which they do not own or otherwise should not be able to access.

Exploit / POC

AIX Filesystem Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].