CVE-2006-1247

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2006-1247 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The original article can be found at: http://www.nsfocus.com/english/homepage/research/0603.htm

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2006-1247

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* IBM AIX 5.1
* IBM AIX 5.2
* IBM AIX 5.3

CVE Information:
CVE-2006-1247

rm_mlcache_file shipped with IBM AIX is used to delete some cached files. By default it is set with suid root bit.

rm_mlcache_file contains a race condition when processing temporary files which allows a local attacker to overwrite arbitrary files. Attackers can launch attacks by running the program directly, or waiting till root user runs it. Successful exploitation may result in data loss or DoS, specifically depending on the overwritten file.

Workaround:
Remove the execution bit from rm_mlcache_file temporarily:
# chmod 000 /usr/bin/rm_mlcache_file

Vendor Status:
The vendor has released the following APAR patches to fix the vulnerability:
* APAR number for AIX 5.1.0: IY82866
* APAR number for AIX 5.2.0: IY82285
* APAR number for AIX 5.3.0: IY82357

AIX 5 APAR patch can be downloaded at: http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html

The temporary patch for the vulnerability can be downloaded at: ftp://aix.software.ibm.com/aix/efixes/security/rm_mlcache_file_ifix.tar.Z

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus