IBM dump_smutil.sh Insecure Temporary File Creation Vulnerability

IBM has reported that the AIX dump_smutil.sh utility may be prone to symlink attacks due to insecure temporary file creation. The precise details of this issue are currently unknown; however, it is likely that during a specific operation the affected utility creates a file with a predictable name in a world-accessible directory. As a result, an attacker may be able to overwrite an arbitrary system file with the privileges of the utility.
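
The general class of flaw described above, shown next to a hardened alternative for shell scripts. This is an added example, not code from dump_smutil.sh or from the advisory (whose details are unknown); the function names, the `scratch.` prefix and the `/tmp/report.$$` path are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical helper names; not code from dump_smutil.sh.

# Weak pattern (for contrast, shown only as a comment): a privileged script
# writing to a guessable name in a shared directory follows whatever symlink
# already sits at that name.
#   echo "$data" > /tmp/report.$$        # constructed path

# Create a private scratch directory under $1 (default ${TMPDIR:-/tmp}) and
# print its path. mkdir is atomic and fails if the name already exists,
# symlinks included, so a pre-planted entry is never followed.
make_private_dir() {
    base=${1:-${TMPDIR:-/tmp}}
    if command -v mktemp >/dev/null 2>&1; then
        mktemp -d "$base/scratch.XXXXXX" && return 0
    fi
    # Fallback for systems without mktemp: try a few candidate names.
    # A guessed name can only make mkdir fail; it cannot redirect the write.
    i=0
    while [ "$i" -lt 10 ]; do
        dir="$base/scratch.$$.$(date +%s).$i"
        if (umask 077 && mkdir "$dir") 2>/dev/null; then
            printf '%s\n' "$dir"
            return 0
        fi
        i=$((i + 1))
    done
    return 1
}

# Write stdin to path $1 only if nothing exists there yet. With noclobber
# (set -C) the shell creates the file exclusively, so an existing file or a
# symlink at that path makes the write fail instead of overwriting the target.
write_new_file() {
    ( set -C; umask 077; cat > "$1" ) 2>/dev/null
}
```

A script would call `make_private_dir` once, keep all working files inside the returned directory, and remove it on exit with a `trap`.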


 

Copyright 2010, SecurityFocus