[VIM] Nomadic IBM APAR's

Steven M. Christey coley at mitre.org
Thu Feb 22 19:29:29 EST 2007


All,

The following URL:

  http://www-1.ibm.com/support/docview.wss?uid=swg1IY94817

Used to be for APAR IY94817, but now it's 404.

Apparently it moved here:

  http://www-1.ibm.com/support/docview.wss?uid=swg21255747

Although under "Related information" they refer to their own broken
link.


Lately, I've been running across these nomadic URLs in IBM's web site
more frequently.

Once upon a time, you could plugin in an [APAR] number into the
following and get something:

  http://www-1.ibm.com/support/search.wss?rs=0&q=[APAR]&apar=only

but this isn't always working, and neither does the "Search" button at
the top always work.

How do other people deal with this?

Oh, by the way - there's a slight inconsistency between what IY94817
*used to say* and what iDEFENSE is saying in their "IBM DB2 Universal
Database DB2INSTANCE File Creation Vulnerability" advisory,
i.e. IY94817 mentions symlinks but iDEFENSE does not.

The old IY94817 said: "SECURITY: DB2DIAG.LOG SYMBOLIC LINK OVERWRITE
VULNERABILITY...  A vulnerability exists in several set-uid DB2
binaries that can be exploited by a local user. The vulnerability
allows a local user to write to any file on the system through the use
of symbolic links (also known as symlinks or soft links). This problem
does not affect Windows systems."

The new version refers to a buffer overflow and a "symlink overwrite."

- Steve


More information about the VIM mailing list