BID:17576

IBM AIX RM_MLCache_File Insecure Temporary File Creation Vulnerability

Info

IBM AIX RM_MLCache_File Insecure Temporary File Creation Vulnerability

Bugtraq ID:	17576
Class:	Design Error
CVE:	CVE-2006-1247
Remote:	No
Local:	Yes
Published:	Apr 17 2006 12:00AM
Updated:	Apr 24 2006 11:21PM
Credit:	Yang Jilong of NSFocus Security Team discovered this issue.
Vulnerable:	IBM AIX 5.3 L IBM AIX 5.2 L IBM AIX 5.1 L IBM AIX 5.3 IBM AIX 5.2 IBM AIX 5.1

Not Vulnerable:

Discussion

IBM AIX RM_MLCache_File Insecure Temporary File Creation Vulnerability

The IBM AIX 'rm_mlcache_file' command may let local attackers overwrite arbitrary files.

This could lead to the destruction of sensitive data and a denial of service because the application creates temporary files in an insecure manner.

Exploit / POC

IBM AIX RM_MLCache_File Insecure Temporary File Creation Vulnerability

An exploit is not required.

Solution / Fix

IBM AIX RM_MLCache_File Insecure Temporary File Creation Vulnerability

Solution:

IBM has provided an APAR to address this issue in AIX 5.3.0. APARs for other affected versions are pending release. IBM has also released interim fixes to address the issue.

IBM AIX 5.1

IBM rm_mlcache_file_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/rm_mlcache_file_ifix.ta r.Z

IBM AIX 5.2

IBM rm_mlcache_file_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/rm_mlcache_file_ifix.ta r.Z

IBM AIX 5.3

IBM rm_mlcache_file_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/rm_mlcache_file_ifix.ta r.Z

IBM IY82866
http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html

IBM AIX 5.1 L

IBM rm_mlcache_file_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/rm_mlcache_file_ifix.ta r.Z

IBM AIX 5.2 L

IBM rm_mlcache_file_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/rm_mlcache_file_ifix.ta r.Z

IBM AIX 5.3 L

IBM rm_mlcache_file_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/rm_mlcache_file_ifix.ta r.Z

IBM IY82866
http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html

References

IBM AIX RM_MLCache_File Insecure Temporary File Creation Vulnerability

References:

NSFOCUS SA2006-03 : IBM AIX rm_mlcache_file Local Race Condition Vulnerability (NSFOCUS Security Team )