Quoting Andreas Mueller (andreas.muellerat_private-TUEBINGEN.DE): > > if nslookup is installed with the s-bit all users can > create and overwrite files owned by root. this works > in the interactive mode, when dumping dns-records to a > file (with ls -d DOMAINNAME > FILE for example). > This was fixed over a year ago and documented in the IBM-ERS advisory ERS-SVA-E01-1997:008.1 available from http://www.ers.ibm.com. > p.s.: if this has already been reported to this list - sorry for > my lazyness to search an archive of bugtraq. > -- That's ok. It lets me plug our security newsletter. ;-) We've fixed lots of bugs in the last year (see the recent post by Ciaran Deignan <Ciaran.Deignanat_private> titled "Security_APARs"). I encourage AIX customers to subscribe to the AIX security newsletter by sending a note to aixservat_private with a subject of: subscribe Security Security_APARs And remember, you can always send new AIX vulnerabilities to security-alertat_private I promise to work just as hard on bugs reported there as I do on bugs reported here (even if they're reported the day before Valentine's Day. ;-) Thanks. -- Troy Bollinger troyat_private AIX Security Development security-alertat_private PGP keyid: 1024/0xB7783129 Troy's opinions are not IBM policy
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:34:15 PDT