vendor:
by: watercloud@xfocus.org
N/A
CVSS
N/A
Race condition vulnerability
CWE
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Platforms Tested: Aix5
2004
Race condition vulnerability (BUGTRAQ ID: 8805) in the /usr/bin/bellmail command on AIX 5
This exploit takes advantage of a race condition vulnerability in the /usr/bin/bellmail command on AIX 5. It allows an attacker to change the owner of any file to the current user. The exploit script is x_aix5_bellmail.pl, and its aim_file parameter specifies the file whose owner the attacker wants to change. Because the exploit relies on a race condition, multiple runs may be needed. The x_bellmail.sh script can assist with using this exploit.
Mitigation:
IBM has provided a patch named "IY25661" to address this vulnerability.