CVE-2006-0133

Name of the Vulnerable Software and Affected Versions: AIX version 5.3 ML03

Description: The issue allows local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell.

Recommendations: For AIX version 5.3 ML03, consider restricting access to the getCommand.new and getShell functions until a patch is available. As a temporary workaround, avoid using the .. (dot dot) sequence in arguments to these functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.