[13305] in bugtraq
2nd attempt: AIX techlibss follows links
daemon@ATHENA.MIT.EDU (Klaus.Kusche@OOE.GV.AT)
Tue Jan 11 01:06:38 2000
Mime-Version: 1.0
Content-Type: text/plain
Message-Id: <B7DF252F2093D111982F40003881990401F0A8EB@ntli01-004.ooe.gv.at>
Date: Mon, 10 Jan 2000 09:20:46 +0100
Reply-To: Klaus.Kusche@OOE.GV.AT
From: Klaus.Kusche@OOE.GV.AT
To: BUGTRAQ@SECURITYFOCUS.COM
2nd attempt:
"techlibss" is the program used to install IBM's monthly AIX service CD's.
The program is run as "root" and creates log files with a fixed name in /tmp
using shell redirection. Hence, it happily follows any existing symbolic
link with that name, blindly overwriting any file the link happens to point
to.
The problem is fixed with the fileset "techlib.service.rte.1.0.0.4" on the
service CD for Jan 2000.
If you have installed an older version of "techlib.service.rte", upgrade
manually (following the instructions on the CD cover), because that fileset
is not updated automatically, even if you choose to automatically update all
installed AIX filesets from the CD.
DI. Dr. Klaus Kusche
Oberoesterreichische Landesregierung / Government of Upper Austria
Rechenzentrum / Computing Centre
Smail: Kaerntnerstrasse 16, A-4020 Linz, Austria (Europe)
Phone: +43 732 7720 - 3394 Fax: +43 732 7720 3198
Email: Klaus.Kusche@ooe.gv.at
