VULHUB ™

IBM AIX implementation of bellmail has been reported prone to a race condition vulnerability. The issue has been reported to present itself due to an insecure chown operation performed by bellmail on a temporary file. Although unconfirmed, it has been conjectured that a local attacker may exploit this issue by replacing the affected file, in a crucial timeframe, with a symlink to an arbitrary system file and have bellmail change ownership of the linked file.

IBM AIX implementation of bellmail has been reported prone to a race condition vulnerability. The issue has been reported to present itself due to an insecure chown operation performed by bellmail on a temporary file. Although unconfirmed, it has been conjectured that a local attacker may exploit this issue by replacing the affected file, in a crucial timeframe, with a symlink to an arbitrary system file and have bellmail change ownership of the linked file.