Bugtraq mailing list archives
Re: vulnerability in vi under AIX 3.2
From: wfp5p () tigger itc virginia edu (Bill Pemberton)
Date: Tue, 23 Jul 1996 13:38:07 -0400
Hello all. I have found out that under AIX 3.2 the vi editor interprets the file ./.exrc, even if you are root and this file is not owned by you. This vulnerability seems rather obvious to me, do you know if a patch exists for this?
I can not duplicate this on our AIX 3.2.5 machines -- vi only reads $HOME/.exrc . Since root's $HOME is /, you've got a bigger problem if folks can write to the .exrc..... You can also make sure you run tvi since it will ONLY read /etc/.exrc -- Bill Pemberton wfp5p () virginia edu ITC/Unix Systems flash () virginia edu University of Virginia uunet!virginia!wfp5p
Current thread:
- Re: HP/UX 10.01 Remote Administration accoun Jeff Uphoff (Jul 18)
- Re: HP/UX 10.01 Remote Administration accoun Mark Sedlock (Jul 18)
- FreeBSD recent exploits. Andy Dills (Jul 18)
- tcp Bj|rge Eikenes (Jul 23)
- Re: tcp Brian Mitchell (Jul 23)
- dg/ux vulnerbility Brian Mitchell (Jul 23)
- vulnerability in vi under AIX 3.2 Marina Buitrago Bravo (Jul 23)
- Re: vulnerability in vi under AIX 3.2 Bill Pemberton (Jul 23)
- Re: vulnerability in vi under AIX 3.2 (IN LINUX) Nelson N. Escravana (Jul 24)
- FreeBSD recent exploits. Andy Dills (Jul 18)
- Re: FreeBSD recent exploits. Cy Schubert - ITSD Open Systems Group (Jul 23)
- Re: HP/UX 10.01 Remote Administration accoun Mark Sedlock (Jul 18)