[dbsec] Re: Patches available for IBM AIX flaws
- From: "David Litchfield" <davidl@xxxxxxxxxxxxxxx>
- To: <bugtraq@xxxxxxxxxxxxxxxxx>, <dbsec@xxxxxxxxxxxxx>
- Date: Thu, 15 Dec 2005 22:58:24 -0000
4) There are arbitrary file data append issues in getShell and getCommand
in conjuction with specific settings in the malloc debug system.Both
getShell and getCommand are setuid root.
Issue 4 affects AIX versions 5.3, 5.2 and 5.1.
Issue 4 affects only AIX 5.3 and not 5.2 and 5.1 as was indicated.
Other related posts: