Bugtraq mailing list archives
Re: vulnerability in vi under AIX 3.2
From: wfp5p () tigger itc virginia edu (Bill Pemberton)
Date: Wed, 24 Jul 1996 14:54:42 -0400
Max Bloomfield writes:
In mlist.bugtraq you write:I can not duplicate this on our AIX 3.2.5 machines -- vi only reads $HOME/.exrc . Since root's $HOME is /, you've got a bigger problem if folks can write to the .exrc.....If within $HOME/.exrc "set exrc" appears, then ./.exrc will be sourced upon startup of vi, in AIX 3.2.4. I don't know about 3.2.5, but I suspect that it is the same.
Again, I can't duplicate this on any of our AIX 3.2.5 (or 4.X) machines. It DOES work as you say on our 1 machine that runs AIX 3.2.4. There are several APARs that deal with this for 3.2.5, it appears that they all made into my copy of 3.2.5. There was a bulletin from IBM in September of 1994 that covered the problems with vi, so IBM fixed it a long time ago... -- Bill Pemberton wfp5p () virginia edu ITC/Unix Systems flash () virginia edu University of Virginia uunet!virginia!wfp5p
Current thread:
- Re: vulnerability in vi under AIX 3.2 David A. Curry (Jul 23)
- Quota Trojan Jordy (Jul 24)
- <Possible follow-ups>
- Re: vulnerability in vi under AIX 3.2 Max Bloomfield (Jul 24)
- Re: vulnerability in vi under AIX 3.2 Bill Pemberton (Jul 24)
- CERT Advisory CA-96.14 - Vulnerability in rdist CERT Advisory (Jul 24)