AIX portmir Buffer Overflow & Insecure Temporary File Creation Vulnerabilities

info
discussion
exploit
solution
references

AIX portmir Buffer Overflow & Insecure Temporary File Creation Vulnerabilities

AIX version 4.2.1 introduced a new command titled 'portmir'. This new program had two notable vulnerabilites. First it contained a buffer overflow which allowed malicious users to obtain root privileges. Secondly it wrote it's log files to a world readable directly thereby exposing security relavent information.