Bugtraq mailing list archives

Re: vulnerability in vi under AIX 3.2

From: davy () vnet ibm com (David A. Curry)
Date: Tue, 23 Jul 1996 14:28:30 EDT


     From:  Marina Buitrago Bravo <buitrago () cica es>
     Date:      Tue, 23 Jul 1996 09:53:49 +0000
     Subject:       vulnerability in vi under AIX 3.2

     Hello all. I have found out that under AIX 3.2 the vi editor interprets
     the file ./.exrc, even if you are root and this file is not owned by you.
     This vulnerability seems rather obvious to me, do you know if a patch
     exists for this?

According to the AIX Security Development team, this was fixed in APAR IX44685,
released in June 1994.

Contact your IBM representative to obtain a copy of this fix.

--Dave

--
David A. Curry                          IBM Internet Emergency Response Service
Senior Internet Security Analyst        Long Meadow Road, M/S 223
Information Warfare Center              Sterling Forest, NY 10979 U.S.A.
davy () vnet ibm com                       +1 914 759-4452

Current thread:

Re: vulnerability in vi under AIX 3.2 David A. Curry (Jul 23)
- Quota Trojan Jordy (Jul 24)
- <Possible follow-ups>
- Re: vulnerability in vi under AIX 3.2 Max Bloomfield (Jul 24)
  - Re: vulnerability in vi under AIX 3.2 Bill Pemberton (Jul 24)
  - CERT Advisory CA-96.14 - Vulnerability in rdist CERT Advisory (Jul 24)