CVE-2012-2179
Description
libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=isg1IV22019
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=isg1IV21383
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=isg1IV21382
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=isg1IV21381
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=isg1IV21379
Vendor advisory: psirt@us.ibm.com — http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc
References
- http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc
- http://www.ibm.com/support/docview.wss?uid=isg1IV21379
- http://www.ibm.com/support/docview.wss?uid=isg1IV21381
- http://www.ibm.com/support/docview.wss?uid=isg1IV21382
- http://www.ibm.com/support/docview.wss?uid=isg1IV21383
- http://www.ibm.com/support/docview.wss?uid=isg1IV22019
- http://www.osvdb.org/83133
- http://www.securitytracker.com/id?1027193
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75510
CWEs
CWE-264