IBM Insecure Temporary File Creation Vulnerability

IBM has reported that the AIX utility may be prone to symlink attacks due to insecure temporary file creation. The precise details regarding this issue are currently unknown, however it is likely that during a specific operation the affected utility places a filename in a world accessible directory using a predictable name. As a result, an attacker may be capable of overwriting an arbitrary system file with the privileges of the utility.


Privacy Statement
Copyright 2010, SecurityFocus