PT-1998-1230 · Ibm · Ibm Aix

Published

1998-02-25

Updated

2017-10-10

CVE-1999-1486

CVSS v2.0

1.2

Low

Vector

AV:L/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions IBM AIX versions 4.1 through 4.3

Description The issue allows local users to overwrite arbitrary files via a symlink attack when the sadc program is called from setgid adm programs like timex.

Recommendations For IBM AIX versions 4.1 through 4.3, consider restricting access to the sadc program to prevent local users from overwriting arbitrary files. As a temporary workaround, avoid using setgid adm programs like timex until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-1999-1486

Affected Products

Ibm Aix

PT-1998-1230 · Ibm · Ibm Aix

CVE-1999-1486

Related Identifiers

Affected Products

References · 7