[VIM] IBM changing significant details?

security curmudgeon jericho at attrition.org
Thu Mar 23 08:54:36 EST 2006


While doing routine cross-referencing, I noticed SecurityTracker had a 
peculiar note for one advisory:

http://securitytracker.com/alerts/2006/Mar/1015786.html

[Editor's note: This flaw was reported in other databases as affecting the 
'mklvcopy' command and as allowing local privilege escalation, but the 
vendor's advisory does not confirm these details.]

http://www-1.ibm.com/support/docview.wss?uid=isg1IY82739

Security issue in bos.rte.lvm.

--

So ST is right, as the advisory currently stands. However, I made the 
OSVDB entry for 'mklvcopy' on 2006-03-13, and the IBM advisory was last 
modified on 2006-03-14. If memory serves, it originally said the 
'mklvcopy' command and had vague wording, which lead to the OSVDB title of 
"AIX mklvcopy Unspecified Local Issue". Secunia changed their title and 
description on 2006-03-21 (as mentioned in their changelog) and it no 
longer mentions 'mklvcopy'. Interesting..


More information about the VIM mailing list