A security vulnerability has been discovered in the IBM AIX operating system that allows local attackers to gain elevated privileges and to create and overwrite arbitrary files.
Package:
IBM AIX 5.x, IBM AIX 6.x, IBM AIX 7.x
Operating systems:
IBM AIX 5.x, IBM AIX 6.x, IBM AIX 7.x
Criticality:
5.1
Problem:
improper file handling, error in a software component
Exploitation:
local
Impact:
privilege escalation, data modification
Solution:
vendor software patch
CVE:
CVE-2012-2179
Original advisory ID:
SA49618
Source:
Secunia
Problem:
The vulnerability results from insecure creation of temporary files in the "libodm" library.
Impact:
An attacker can exploit it to gain elevated privileges and to create and overwrite arbitrary files.
Secunia Advisory SA49618
IBM AIX libodm Insecure File Creation Vulnerability
Release Date 2012-06-21
Criticality level Less critical
Impact Privilege escalation
Where Local system
Solution Status Vendor Patch
Remediation status Secunia CSI, Secunia PSI
Automated scanning Secunia CSI, Secunia PSI
Operating System
AIX 5.x
AIX 6.x
AIX 7.x
CVE Reference(s) CVE-2012-2179
Description
A vulnerability has been reported in IBM AIX, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
The vulnerability is caused by libodm creating temporary files in an insecure manner, which can be exploited via symlink attacks to create and overwrite arbitrary files.
The vulnerability is reported in AIX 5.3, 6.1, and 7.1.
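The class of flaw named in the description, a temporary file created without an exclusive open, shown beside its hardened form as an added example in generic POSIX C. This is not libodm's code and not part of the original advisory; the function names, the scratch directory under /tmp and the file names are assumptions made for illustration.

```c
/* Added illustration: generic POSIX code, not libodm source; all names are hypothetical. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: no O_EXCL, so a symlink already sitting at the predictable name is followed. */
static int open_tmp_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if anything, a symlink included, exists. */
static int open_tmp_hardened(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* In a private scratch directory (constructed sample data), create a 6-byte "target"
 * file and a symlink to it at the temp-file name, run the chosen open on that name,
 * and return the target's size afterwards (0 = truncated, 6 = intact, -1 = setup failed). */
static long target_size_after(int hardened, int *open_errno) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", target[64], tmp_name[64];
    struct stat st;
    long size = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmp_name, sizeof tmp_name, "%s/work.tmp", dir);
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "config", 6) == 6 && close(fd) == 0
        && symlink(target, tmp_name) == 0) {
        fd = hardened ? open_tmp_hardened(tmp_name) : open_tmp_weak(tmp_name);
        *open_errno = (fd < 0) ? errno : 0;
        if (fd >= 0) close(fd);
        if (stat(target, &st) == 0) size = (long)st.st_size;
    }
    unlink(tmp_name); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    int e = 0;
    long weak = target_size_after(0, &e);
    printf("weak open:     target is %ld bytes\n", weak);
    long hard = target_size_after(1, &e);
    printf("hardened open: target is %ld bytes, refused=%d\n", hard, e == EEXIST);
    return 0;
}
```

For real temporary files, mkstemp() performs the same exclusive create with an unpredictable name, and placing the file in a directory only the owning process can write to removes the opportunity to plant a link at all.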
Solution
Apply interim fix or APAR when available.
Provided and/or discovered by
The vendor credits Jakub Wartak
Original Advisory
IBM (IV22019, IV21379, IV21381, IV21382, IV21383)
http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc
IBM X-Force:
http://xforce.iss.net/xforce/xfdb/75510