[VIM] IBM changing significant details?
Stuart Moore
smoore at securityglobal.net
Thu Mar 23 21:53:42 EST 2006
If I remember correctly, it was either SecurityFocus or Secunia (or
both) that originally reported the 'mklvcopy' aspect (BID 17115 still
mentions it). But the first time we saw the APAR, it only mentioned
BOS.RTE.LVM and the entirely useless "security issue" description.
Stuart
security curmudgeon wrote:
> : > OSVDB entry for 'mklvcopy' on 2006-03-13, and the IBM advisory was last
> : > modified on 2006-03-14. If memory serves, it originally said the
> : > 'mklvcopy' command and had vague wording, which lead to the OSVDB title of
> : > "AIX mklvcopy Unspecified Local Issue".
> :
> : Well this adds a bit of confusion alright. Maybe "mklvcopy" wasn't even
> : relevant to the issue as specified in the IBM report, so it could be an
> : entirely different issue. Dunno...
>
> The original text with that APAR suggested a customer submitted it, and
> they may have noticed the behavior via the mklvcopy command. After
> research from IBM, they likely found the underlying issue elsewhere and
> updated the text. That is what I am assuming.. and if true, discouraging
> that they removed details that are likely relevant.
>
More information about the VIM
mailing list