IBM AIX 5.x and 6.x: local information disclosure via the ‘at’ command

A vulnerability has been found in IBM AIX 5.x and 6.x that a local attacker could exploit to access sensitive information. The vulnerability is caused by a bug in the ‘at’ command (/usr/bin/at): it runs with root permissions but does not limit its privilege to read certain files. A local attacker could exploit this to read any file.

This vulnerability has been confirmed in AIX 5.2.x, 5.3.x and 6.1.x. Depending on the version and platform, it is recommended to apply the patches available for download from:

http://aix.software.ibm.com/aix/efixes/security/at_fix.tar
ftp://aix.software.ibm.com/aix/efixes/security/at_fix.tar

More Information:

AIX at information disclosure vulnerability

