VULHUB ™

It has been reported that policyd and rsvpd daemons are prone to an insecure file creation vulnerability that may allow an attacker to use symbolic links to corrupt system files or potentially gain elevated privileges. The problem arises as the daemons create log files and pid files in world readable format without checking for symbolic links. Successful exploitation of this issue may allow an attacker to create or modify arbitrary files. This may lead to a denial of service due to system file corruption or allow an attacker to gain elevated privileges. AIX 5.1 has been reported to be vulnerable to this issue, although unconfirmed other versions may be affected as well.

It has been reported that policyd and rsvpd daemons are prone to an insecure file creation vulnerability that may allow an attacker to use symbolic links to corrupt system files or potentially gain elevated privileges. The problem arises as the daemons create log files and pid files in world readable format without checking for symbolic links. Successful exploitation of this issue may allow an attacker to create or modify arbitrary files. This may lead to a denial of service due to system file corruption or allow an attacker to gain elevated privileges. AIX 5.1 has been reported to be vulnerable to this issue, although unconfirmed other versions may be affected as well.