VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-2634

Description

Local users can overwrite arbitrary files via symlink attacks on temporary files in AIX 5.1 and 5.2 bos.rte.serv_aid and bos.rte.console filesets.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The vulnerability exists in the bos.rte.serv_aid and bos.rte.console filesets in IBM AIX versions 5.1 and 5.2. These filesets create temporary files in an insecure manner, allowing a local user to perform a symlink attack to overwrite arbitrary files on the system. The exact attack vectors are not fully disclosed in the available references [1].

Exploitation

An attacker must have local access to the system and be able to create symbolic links. The attacker can predict or control the temporary file names used by the vulnerable filesets. By placing a symlink that points to a target file (e.g., a system configuration file) at the path where the temporary file will be created, the attacker can cause the program that creates the temporary file to write to the target file instead. No authentication beyond local user credentials is required.

Impact

Successful exploitation allows a local attacker to overwrite arbitrary files on the system, potentially leading to privilege escalation, denial of service, or system compromise. The attacker gains the ability to modify critical system files, which can result in full control over the affected AIX system.

Mitigation

IBM released fixes for this issue via APARs IY55790 and IY55789, but the specific fixed versions are not detailed in the available references [1]. Administrators should apply the latest AIX maintenance packages or contact IBM support for the appropriate patches. As a workaround, ensure that temporary directories are not world-writable and monitor for suspicious symlink creation.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
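
The insecure temporary-file pattern described under Exploitation, next to a hardened open, as an added example (not IBM's code and not taken from the advisory's references). The function and file names are assumptions for illustration, and the constructed scenario runs entirely inside a private scratch directory.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Weak pattern: predictable name, open() follows a pre-existing symlink. */
static int write_tmp_unsafe(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hardened: O_EXCL makes open() fail with EEXIST when anything, a symlink
 * included, already exists at the path, so nothing is written through it. */
static int write_tmp_safe(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Constructed scenario (illustrative names): inside a fresh scratch
 * directory, "work.tmp" is a symlink to "protected". Returns 1 if
 * "protected" was modified, 0 if it is intact, -1 on setup failure. */
int protected_file_modified(int use_safe) {
    char dir[] = "/tmp/symdemoXXXXXX", prot[64], tmp[64], buf[32] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(prot, sizeof prot, "%s/protected", dir);
    snprintf(tmp, sizeof tmp, "%s/work.tmp", dir);
    if (write_tmp_safe(prot, "original") || symlink(prot, tmp)) return -1;
    (use_safe ? write_tmp_safe : write_tmp_unsafe)(tmp, "scratch data");
    int fd = open(prot, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    unlink(tmp); unlink(prot); rmdir(dir);
    return n < 0 ? -1 : strcmp(buf, "original") != 0;
}

int main(void) {
    printf("plain open:  protected modified = %d\n", protected_file_modified(0));
    printf("O_EXCL open: protected modified = %d\n", protected_file_modified(1));
}
```

In production code, `mkstemp()` gives the same exclusive-create guarantee and also removes the predictable name.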

Affected products

1
  • IBM/Aix (llm-fuzzy)
    Range: 5.1, 5.2
