Bugtraq mailing list archives
2nd attempt: AIX techlibss follows links
From: Klaus.Kusche () OOE GV AT (Klaus.Kusche () OOE GV AT)
Date: Mon, 10 Jan 2000 09:20:46 +0100
2nd attempt: "techlibss" is the program used to install IBM's monthly AIX service CD's. The program is run as "root" and creates log files with a fixed name in /tmp using shell redirection. Hence, it happily follows any existing symbolic link with that name, blindly overwriting any file the link happens to point to. The problem is fixed with the fileset "techlib.service.rte.1.0.0.4" on the service CD for Jan 2000. If you have installed an older version of "techlib.service.rte", upgrade manually (following the instructions on the CD cover), because that fileset is not updated automatically, even if you choose to automatically update all installed AIX filesets from the CD. DI. Dr. Klaus Kusche Oberoesterreichische Landesregierung / Government of Upper Austria Rechenzentrum / Computing Centre Smail: Kaerntnerstrasse 16, A-4020 Linz, Austria (Europe) Phone: +43 732 7720 - 3394 Fax: +43 732 7720 3198 Email: Klaus.Kusche () ooe gv at
Current thread:
- Microsoft Security Bulletin (MS00-004), (continued)
- Microsoft Security Bulletin (MS00-004) Microsoft Product Security (Jan 21)
- Re: Vulnerabilities in Checkpoint FW-1 version 3.x and maybe 4.x Vanja Hrustic (Jan 22)
- Re: Vulnerabilities in Checkpoint FW-1 version 3.x and maybe 4.x Markus Hofmann (Jan 22)
- Administrivia Elias Levy (Jan 18)
- Info on some security holes reported against SCO Unixware. Aaron Sigel (Jan 13)
- ssh-proxy, a new approach to firewall software Magosanyi Arpad (Jan 13)
- Re: Hotmail security hole - injecting JavaScript using <IMG Ajax (Jan 11)
- Serious Bug in Corel Linux.(Local root exploit) tascon () ENETE GUI UVA ES (Jan 12)
- secure-programs howto Signal 11 (Jan 09)
- strace can lie ... but LTT might be handy Karim Yaghmour (Jan 09)
- 2nd attempt: AIX techlibss follows links Klaus.Kusche () OOE GV AT (Jan 10)
- NIS2k Bacano (Jan 11)
- Password issue in Axent ESM 5.0.1 Console Todd (Jan 12)
- Re: Password issue in Axent ESM 5.0.1 Console Scott Blake (Jan 14)
- Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x Ussr Labs (Jan 13)
- Re: NIS2k Brad Griffin (Jan 13)
- Misleading sense of security in Netscape Craig Ruefenacht (Jan 13)
- Re: Misleading sense of security in Netscape Jefferson Ogata (Jan 18)
- New MySQL Available Scott (Jan 13)
- BindView Security Advisory: Local Promotion Vulnerability in Windows NT 4 BindView Security Advisory (Jan 13)
- Microsoft Security Bulletin (MS00-003) Microsoft Product Security (Jan 13)