IBM Information for VU#405955

util-linux package vulnerable to privilege escalation when "ptmptmp" file is not removed properly when using "chfn" utility

Status

Not Affected

Vendor Statement

IBM's AIX operating system is not vulnerable to the above issues. While IBM does supply open source packages for AIX through the AIX Toolbox for Linux Applications, the util-linux package is not one of them.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.