From proff Wed Jul 24 12:56:06 1996
Received: (proff@localhost) by suburbia.net (8.7.4/Proff-950810) id MAA10766 for best-of-security; Wed, 24 Jul 1996 12:56:06 +1000
Received: from brimstone.netspace.org ([128.148.157.143]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id IAA00426 for ; Wed, 24 Jul 1996 08:05:41 +1000
Received: from netspace.org ([128.148.157.6]) by brimstone.netspace.org with ESMTP id <24050-3188>; Tue, 23 Jul 1996 18:04:13 -0500
Received: from netspace.org (netspace [128.148.157.6]) by netspace.org (8.7/8.6.12) with SMTP id SAA00409; Tue, 23 Jul 1996 18:00:57 -0400
Received: from NETSPACE.ORG by NETSPACE.ORG (LISTSERV-TCP/IP release 1.8b) with spool id 196370 for BUGTRAQ@NETSPACE.ORG; Tue, 23 Jul 1996 17:51:12 -0400
Received: from netspace.org (netspace [128.148.157.6]) by netspace.org (8.7/8.6.12) with SMTP id RAA31096 for ; Tue, 23 Jul 1996 17:38:19 -0400
Approved-By: ALEPH1@UNDERGROUND.ORG
Received: from intrepid.somers.hqregion.ibm.com (ers-fw.ers.ibm.com [204.146.173.34]) by netspace.org (8.7/8.6.12) with ESMTP id OAA07743 for ; Tue, 23 Jul 1996 14:25:59 -0400
Received: from localhost (davy@localhost [127.0.0.1]) by intrepid.somers.hqregion.ibm.com (8.7.5/4.4davy) with ESMTP id OAA17421; Tue, 23 Jul 1996 14:28:40 -0400 (EDT)
Approved-By: "David A. Curry"
Message-ID: <199607231828.OAA17421@intrepid.somers.hqregion.ibm.com>
Date: Tue, 23 Jul 1996 14:28:30 EDT
Reply-To: Bugtraq List
Sender: proff
From: "David A. Curry"
Subject: Re: vulnerability in vi under AIX 3.2
X-To: Marina Buitrago Bravo
To: Multiple recipients of list BUGTRAQ
In-Reply-To: Message from Marina Buitrago Bravo of "Tue, 23 Jul 1996 09:53:49 -0000"

    From: Marina Buitrago Bravo
    Date: Tue, 23 Jul 1996 09:53:49 +0000
    Subject: vulnerability in vi under AIX 3.2

    Hello all.

    I have found out that under AIX 3.2 the vi editor interprets the
    file ./.exrc, even if you are root and this file is not owned by you.

    This vulnerability seems rather obvious to me, do you know if a patch
    exists for this?

According to the AIX Security Development team, this was fixed in APAR
IX44685, released in June 1994. Contact your IBM representative to
obtain a copy of this fix.

--Dave
--
David A. Curry                      IBM Internet Emergency Response Service
Senior Internet Security Analyst    Long Meadow Road, M/S 223
Information Warfare Center          Sterling Forest, NY 10979 U.S.A.
davy@vnet.ibm.com                   +1 914 759-4452
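
The audit below is an added example, not part of the original messages and not IBM's fix: it lists the .exrc files under a directory tree that are not owned by a given uid or are group- or world-writable, which are the files the report says vi reads from the current directory. The function names audit_exrc and exrc_reason are hypothetical.

```shell
#!/bin/sh
# Added example: find .exrc files that an editor started in that directory
# would read although the invoking user does not control their contents.

# exrc_reason FILE UID -> prints "FILE: reasons" if FILE is untrusted for UID.
exrc_reason() {
    file=$1 uid=$2
    # ls -ln fields: mode links uid gid ...; numeric ids avoid name lookups.
    set -- $(ls -lnd -- "$file")
    mode=$1 owner=$3
    reason=
    [ "$owner" != "$uid" ] && reason="owner uid $owner"
    case $mode in
        ?????w*) reason="${reason:+$reason, }group-writable" ;;
    esac
    case $mode in
        ????????w*) reason="${reason:+$reason, }world-writable" ;;
    esac
    [ -n "$reason" ] && printf '%s: %s\n' "$file" "$reason"
    return 0
}

# audit_exrc ROOT [UID] -> one line per suspicious .exrc below ROOT.
# UID defaults to the caller; pass 0 to audit on behalf of root.
# Only regular files are examined; symlinked .exrc files are not followed.
audit_exrc() {
    root=$1 uid=${2:-$(id -u)}
    find "$root" -name .exrc -type f -print 2>/dev/null |
    while IFS= read -r f; do
        exrc_reason "$f" "$uid"
    done
}

# Stand-alone use: sh audit_exrc.sh /home 0
if [ $# -gt 0 ]; then
    audit_exrc "$@"
fi
```

Running it with uid 0 over directories where root routinely edits files shows which .exrc files would be read in a root session on an unpatched system.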