IBM Information for VU#123651

IBM AIX lsfs utility invokes grep and lslv with relative pathnames



Vendor Statement

IBM fixed this vulnerability in AIX 4.3.3 and has made available APAR IY16909 that closes the security hole. Customers using AIX 4.3.3 are urged to apply this APAR, if they have not already done so. AIX 5.1 is not affected by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.