[2987] in bugtraq
Re: vulnerability in vi under AIX 3.2
daemon@ATHENA.MIT.EDU (David A. Curry)
Tue Jul 23 18:02:57 1996
Date: Tue, 23 Jul 1996 14:28:30 EDT
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: "David A. Curry" <davy@vnet.ibm.com>
X-To: Marina Buitrago Bravo <buitrago@cica.es>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: Message from Marina Buitrago Bravo of "Tue, 23 Jul 1996 09:53:49
-0000"
From: Marina Buitrago Bravo <buitrago@cica.es>
Date: Tue, 23 Jul 1996 09:53:49 +0000
Subject: vulnerability in vi under AIX 3.2
Hello all. I have found out that under AIX 3.2 the vi editor interprets
the file ./.exrc, even if you are root and this file is not owned by you.
This vulnerability seems rather obvious to me, do you know if a patch
exists for this?
According to the AIX Security Development team, this was fixed in APAR IX44685,
released in June 1994.
Contact your IBM representative to obtain a copy of this fix.
--Dave
--
David A. Curry IBM Internet Emergency Response Service
Senior Internet Security Analyst Long Meadow Road, M/S 223
Information Warfare Center Sterling Forest, NY 10979 U.S.A.
davy@vnet.ibm.com +1 914 759-4452
