Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Full-disclosure] Multiple OS kernel insecure handling of stdio file descriptor
From: XFOCUS Security Team (securityxfocus.org)
Date: Wed Jan 24 2007 - 07:48:33 CST
we tested in oslevel -r is 5300-03 ,your system is AIX 5300-05.
as your description , this vuln should be fixed in AIX 5300-05.
we think you don't mind this letter are also dropped to full-disclosure .
Shiva Persaud 写道:
> On Thu, Jan 18, 2007 at 01:24:35PM -0600, Shiva Persaud wrote:
>> Can you please let me know if I'm missing something? Also, can you please send
>> me the output of the "lslpp -L" command on the system where you tested?
> I am able to reproduce your results if I remove the setuid bit from tt:
> $ ls -la /tmp/bb
> -rw-r--r-- 1 root system 0 Jan 18 12:57 /tmp/bb
> $ ./k
> This is not the same as the issue posted though. I look forward to hearing
> back from you. -- Shiva
XFOCUS Security Team
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/