[VIM] IBM changing significant details?
security curmudgeon
jericho at attrition.org
Thu Mar 23 08:54:36 EST 2006
While doing routine cross-referencing, I noticed SecurityTracker had a
peculiar note for one advisory:
http://securitytracker.com/alerts/2006/Mar/1015786.html
[Editor's note: This flaw was reported in other databases as affecting the
'mklvcopy' command and as allowing local privilege escalation, but the
vendor's advisory does not confirm these details.]
http://www-1.ibm.com/support/docview.wss?uid=isg1IY82739
Security issue in bos.rte.lvm.
--
So ST is right, as the advisory currently stands. However, I made the
OSVDB entry for 'mklvcopy' on 2006-03-13, and the IBM advisory was last
modified on 2006-03-14. If memory serves, it originally said the
'mklvcopy' command and had vague wording, which lead to the OSVDB title of
"AIX mklvcopy Unspecified Local Issue". Secunia changed their title and
description on 2006-03-21 (as mentioned in their changelog) and it no
longer mentions 'mklvcopy'. Interesting..
More information about the VIM
mailing list