Bugtraq mailing list archives

Re: vulnerability in vi under AIX 3.2

From: maxim () ugcs caltech edu (Max Bloomfield)
Date: Wed, 24 Jul 1996 03:22:38 -0700


In mlist.bugtraq you write:

I can not duplicate this on our AIX 3.2.5 machines -- vi only reads
$HOME/.exrc .  Since root's $HOME is /, you've got a bigger problem if folks
can write to the .exrc.....


If within $HOME/.exrc "set exrc" appears, then ./.exrc will be sourced upon
startup of vi, in AIX 3.2.4.  I don't know about 3.2.5, but I suspect that
it is the same.

Max Bloomfield
maxim () ugcs caltech edu
maxim () cco caltech edu

Current thread:

Re: vulnerability in vi under AIX 3.2 David A. Curry (Jul 23)
- Quota Trojan Jordy (Jul 24)
- <Possible follow-ups>
- Re: vulnerability in vi under AIX 3.2 Max Bloomfield (Jul 24)
  - Re: vulnerability in vi under AIX 3.2 Bill Pemberton (Jul 24)
  - CERT Advisory CA-96.14 - Vulnerability in rdist CERT Advisory (Jul 24)