Bugtraq mailing list archives
Re: vulnerability in vi under AIX 3.2
From: davy () vnet ibm com (David A. Curry)
Date: Tue, 23 Jul 1996 14:28:30 EDT
From: Marina Buitrago Bravo <buitrago () cica es> Date: Tue, 23 Jul 1996 09:53:49 +0000 Subject: vulnerability in vi under AIX 3.2 Hello all. I have found out that under AIX 3.2 the vi editor interprets the file ./.exrc, even if you are root and this file is not owned by you. This vulnerability seems rather obvious to me, do you know if a patch exists for this? According to the AIX Security Development team, this was fixed in APAR IX44685, released in June 1994. Contact your IBM representative to obtain a copy of this fix. --Dave -- David A. Curry IBM Internet Emergency Response Service Senior Internet Security Analyst Long Meadow Road, M/S 223 Information Warfare Center Sterling Forest, NY 10979 U.S.A. davy () vnet ibm com +1 914 759-4452
Current thread:
- Re: vulnerability in vi under AIX 3.2 David A. Curry (Jul 23)
- Quota Trojan Jordy (Jul 24)
- <Possible follow-ups>
- Re: vulnerability in vi under AIX 3.2 Max Bloomfield (Jul 24)
- Re: vulnerability in vi under AIX 3.2 Bill Pemberton (Jul 24)
- CERT Advisory CA-96.14 - Vulnerability in rdist CERT Advisory (Jul 24)