Bugtraq mailing list archives
Re: nslookup on aix 4.x
From: troy () AUSTIN IBM COM (Troy A. Bollinger)
Date: Fri, 12 Feb 1999 17:38:11 -0600
Quoting Andreas Mueller (andreas.mueller () STUDENT UNI-TUEBINGEN DE):
if nslookup is installed with the s-bit all users can create and overwrite files owned by root. this works in the interactive mode, when dumping dns-records to a file (with ls -d DOMAINNAME > FILE for example).
This was fixed over a year ago and documented in the IBM-ERS advisory ERS-SVA-E01-1997:008.1 available from http://www.ers.ibm.com.
p.s.: if this has already been reported to this list - sorry for my lazyness to search an archive of bugtraq. --
That's ok. It lets me plug our security newsletter. ;-) We've fixed lots of bugs in the last year (see the recent post by Ciaran Deignan <Ciaran.Deignan () BULL NET> titled "Security_APARs"). I encourage AIX customers to subscribe to the AIX security newsletter by sending a note to aixserv () austin ibm com with a subject of: subscribe Security Security_APARs And remember, you can always send new AIX vulnerabilities to security-alert () austin ibm com. I promise to work just as hard on bugs reported there as I do on bugs reported here (even if they're reported the day before Valentine's Day. ;-) Thanks. -- Troy Bollinger troy () austin ibm com AIX Security Development security-alert () austin ibm com PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy
Current thread:
- nslookup on aix 4.x Andreas Mueller (Feb 11)
- Re: nslookup on aix 4.x Troy A. Bollinger (Feb 12)