Vulnerabilities > CVE-1999-1405 - Unspecified vulnerability in IBM AIX

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

ibm

exploit available

NVD

Published: 1999-02-17

Updated: 2016-10-18

Summary

snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a.

Vulnerable Configurations

Part	Description	Count
OS	Ibm IBM AIX 4.2.1 IBM AIX 3.2.5 IBM AIX 4.1.4 IBM AIX 4.2 IBM AIX 4.1.5 IBM AIX 4.1.2 IBM AIX 4.1 IBM AIX 4.1.3	8

Exploit-Db

description	IBM AIX 4.2.1 snap Insecure Temporary File Creation Vulnerability. CVE-1999-1405. Local exploit for aix platform
id	EDB-ID:19300
last seen	2016-02-02
modified	1999-02-17
published	1999-02-17
reporter	Larry W. Cashdollar
source	https://www.exploit-db.com/download/19300/
title	IBM AIX <= 4.2.1 snap Insecure Temporary File Creation Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References