CVE-2006-1247 - Improper Link Resolution Before File Access ('Link Following')

Severity

32%

Complexity

34%

Confidentiality

81%

rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS 2.0 Base Score 3.3. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P).

Overview

Type

IBM AIX

First reported 18 years ago

2006-04-19 16:06:00

Last updated 6 years ago

2018-10-18 16:31:00

Affected Software

IBM AIX 5.1

5.1

IBM AIX 5.1L

5.1l

IBM AIX 5.2

5.2

IBM AIX 5.2.0.50

5.2.0.50

IBM AIX 5.2.0.54

5.2.0.54

IBM AIX 5.2.2

5.2.2

IBM AIX 5.2 L

5.2_l

IBM AIX 5.3

5.3

IBM AIX 5.3.0

5.3.0

IBM AIX 5.3.0.10

5.3.0.10

IBM AIX 5.3.0.20

5.3.0.20

IBM AIX 5.3 L

5.3_l

IBM AIX 5.3 ML03

5.3_ml03

References

19656

Patch, Vendor Advisory

1015952

http://www.nsfocus.com/english/homepage/research/0603.htm

Patch, Vendor Advisory

24706

20060424 NSFOCUS SA2006-03 : IBM AIX rm_mlcache_file Local Race Condition Vulnerability

20060424 NSFOCUS SA2006-02 : IBM AIX mklvcopy Local Privilege Escalation Vulnerability

17576

Patch

ADV-2006-1389

Vendor Advisory

IY82357

Patch

aix-rm-mlcache-file-overwrite(25848)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.