IBM AIX 5.x and 6.x local information disclosure via ‘at’ command

A vulnerability has been found in IBM AIX 5.x and 6.x that a local attacker could exploit to access sensitive information. It is caused by a bug in the ‘at’ command (/usr/bin/at), which has root permissions and does not restrict which files it can read. A local attacker could exploit this to read any file.

This vulnerability has been confirmed in AIX 5.2.x, 5.3.x and 6.1.x. Depending on the version and platform, it is recommended to apply the patches available for download from:

http://aix.software.ibm.com/aix/efixes/security/at_fix.tar
ftp://aix.software.ibm.com/aix/efixes/security/at_fix.tar

More Information:

AIX at information disclosure vulnerability
