• info
• discussion
• exploit
• solution
• references

IBM AIX Bellmail Race Condition Vulnerability

IBM AIX implementation of bellmail has been reported prone to a race condition vulnerability.

The issue has been reported to present itself due to an insecure chown operation performed by bellmail on a temporary file. Although unconfirmed, it has been conjectured that a local attacker may exploit this issue by replacing the affected file, in a crucial timeframe, with a symlink to an arbitrary system file and have bellmail change ownership of the linked file.