iDefense Security Advisory 05.19.09 – Local exploitation of a file overwrite vulnerability in IBM Corp.’s Advanced Interactive eXecutive (AIX) could allow an attacker to overwrite arbitrary files and execute arbitrary code. The AIX libc implementation of malloc includes a debugging mechanism that is initiated by setting the MALLOCTYPE and MALLOCDEBUG environment variables. This debugging feature writes to a user-specified log file under certain conditions. There is a gap in time between the checks to see if the file is a symbolic link and the process of opening the file. If an attacker can change the file to be a symbolic link to another file within this time frame, it is possible to cause a set-uid binary to write to files owned by privileged users. iDefense confirmed the existence of this vulnerability in IBM Corp.’s AIX version 5.3. Other versions may also be affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/77705/05.19.09-1.txt
Source: https://packetstormsecurity.com/files/77705/iDEFENSE-Security-Advisory-2009-05-19.1.html