vulnerability bulletin CVE-2012-2179
AIX: privilege elevation via libodm
Synthesis of the vulnerability
A local attacker can create a symbolic link when an application linked to libodm is used, in order to corrupt a file with privileges of the application.Impacted products:
BID-54122, CERTA-2012-AVI-350, CVE-2012-2179, IV21379, IV21381, IV21382, IV21383, IV22019, VIGILANCE-VUL-11728.
Description of the vulnerability
The libodm library is used by ODM (Object Data Manager) which handles system and application configuration. Several applications linked to libodm are installed suid root.
A function of the libodm.a library creates a file, but does not check the presence of a symbolic link. The file pointed by the link is thus created with privileges of the application linked to libodm.
A local attacker can therefore create a symbolic link when an application linked to libodm is used, in order to corrupt a file with privileges of the application.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides a computer vulnerability bulletin
. The technology watch team tracks security threats targeting the computer system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.