[dbsec] Re: Patches available for IBM AIX flaws

  • From: "David Litchfield" <davidl@xxxxxxxxxxxxxxx>
  • To: <bugtraq@xxxxxxxxxxxxxxxxx>, <dbsec@xxxxxxxxxxxxx>
  • Date: Thu, 15 Dec 2005 22:58:24 -0000


4) There are arbitrary file data append issues in getShell and getCommand in conjuction with specific settings in the malloc debug system.Both getShell and getCommand are setuid root.

Issue 4 affects AIX versions 5.3, 5.2 and 5.1.

Issue 4 affects only AIX 5.3 and not 5.2 and 5.1 as was indicated. Apologies!

Other related posts: