AIX acledit & aclput Race Condition Vulnerability

Acledit and aclput under some versions of AIX use mktemp() to create temporary files in /tmp. The files created are non-random and have insecure permissions. Malicious users may be able to exploit a race condition and create or modify files owned by the invoker.


 

Privacy Statement
Copyright 2010, SecurityFocus