Vulnerabilities > CVE-1999-1405 - Unspecified vulnerability in IBM AIX

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

ibm

critical

exploit available

NVD

Published: 1999-02-17

Updated: 2016-10-18

Summary

snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a. Fixed in AIX 4.3 and 4.3.2 AIX 4.3.x APAR: IX88263 AIX 4.2.x APAR: IX88261

Vulnerable Configurations

Part	Description	Count
OS	Ibm IBM AIX 3.2.5 IBM AIX 4.1 IBM AIX 4.1.2 IBM AIX 4.1.3 IBM AIX 4.1.4 IBM AIX 4.1.5 IBM AIX 4.2 IBM AIX 4.2.1	8

Exploit-Db

description	IBM AIX 4.2.1 snap Insecure Temporary File Creation Vulnerability. CVE-1999-1405. Local exploit for aix platform
id	EDB-ID:19300
last seen	2016-02-02
modified	1999-02-17
published	1999-02-17
reporter	Larry W. Cashdollar
source	https://www.exploit-db.com/download/19300/
title	IBM AIX <= 4.2.1 snap Insecure Temporary File Creation Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References