Vulnerability bulletin CVE-2012-2179
AIX: privilege elevation via libodm
Synthesis of the vulnerability
A local attacker can create a symbolic link while an application linked to libodm is in use, in order to corrupt a file with the privileges of that application.
Impacted products: AIX.
Severity: 2/4.
Creation date: 21/06/2012.
Identifiers: BID-54122, CERTA-2012-AVI-350, CVE-2012-2179, IV21379, IV21381, IV21382, IV21383, IV22019, VIGILANCE-VUL-11728.
Description of the vulnerability
The libodm library is used by ODM (Object Data Manager), which manages system and application configuration. Several applications linked to libodm are installed setuid root.
A function of the libodm.a library creates a file without first checking whether a symbolic link is already present at that path. The file the link points to is therefore created with the privileges of the application linked to libodm.
A local attacker can therefore create a symbolic link while an application linked to libodm is in use, in order to corrupt a file with the privileges of that application.
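The defect described above is the classic "create a file through a path an unprivileged user controls" pattern. The following C program is an added example (not code from the bulletin, from IBM, or from libodm; the function names and the scratch directory are constructed) that shows the weak file-creation call beside the hardened one: `O_EXCL` makes `open()` refuse when anything, including a dangling symbolic link, already exists at the path, and `O_NOFOLLOW` refuses to follow a symbolic link as the final path component. The demo helper builds a temporary directory containing a link to a file inside that same directory and checks that the hardened call refuses while the weak one creates the link target.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (hypothetical reconstruction of the bulletin's description):
 * open() with O_CREAT follows a symbolic link already present at path, so
 * the link target is created or truncated with the caller's privileges. */
int create_file_unsafe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Hardened pattern: O_EXCL fails with EEXIST if anything already exists at
 * path (a symlink counts, even a dangling one); O_NOFOLLOW additionally
 * refuses to follow a symlink in the final component (ELOOP). */
int create_file_safe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Constructed demo: builds a scratch directory under /tmp with
 * "link" -> "target" (both inside the scratch directory), then checks that
 * the unsafe helper creates "target" through the link while the safe helper
 * refuses and leaves "target" absent.
 * Returns 1 when the hardened call behaved as intended, 0 when it did not,
 * and -1 when the scratch setup itself failed. */
int demo_symlink_check(void) {
    char dir[] = "/tmp/libodm_demo_XXXXXX";
    char link[256], target[256];
    struct stat st;
    int result = -1;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(link, sizeof link, "%s/link", dir);
    snprintf(target, sizeof target, "%s/target", dir);

    if (symlink(target, link) == 0) {
        /* Weak call: the link is followed and "target" appears. */
        int unsafe_rc = create_file_unsafe(link);
        int target_created = (stat(target, &st) == 0);

        /* Reset, then try the hardened call against the same link. */
        unlink(target);
        errno = 0;
        int safe_rc = create_file_safe(link);
        int safe_refused = (safe_rc < 0 && (errno == EEXIST || errno == ELOOP));
        int target_absent = (lstat(target, &st) != 0);

        result = (unsafe_rc == 0 && target_created && safe_refused && target_absent);
    }

    unlink(target);
    unlink(link);
    rmdir(dir);
    return result;
}

int main(void) {
    int rc = demo_symlink_check();
    printf("hardened open refused the symlink: %s\n",
           rc == 1 ? "yes" : (rc == 0 ? "no" : "setup failed"));
    return rc == 1 ? 0 : 1;
}
```

Checking for the link with `lstat()` before calling `open()` is not an adequate fix on its own, because the link can be placed between the check and the open; the `O_EXCL | O_NOFOLLOW` combination makes the kernel perform the check atomically with the creation. Where a privileged program must create files in a directory writable by other users, this atomic refusal is the behaviour to verify in review.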