The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM...
Low severity
Unreviewed
Published
Apr 29, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Description
Published by the National Vulnerability Database
Nov 3, 2004
Published to the GitHub Advisory Database
Apr 29, 2022
Last updated
Jan 30, 2023
The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files.
References