IBM's eNetwork Firewall for AIX contains a number of vulnerability in scripts which manipulate files insecurely. When fwlsuser script is run it creates a temporary file called /tmp/fwlsuser.PID ( where PID is the process ID of the command being run ). If this file is created previously and is a link to any other file the output generated by the fwlsuser script will overwrite this linked file.
x = 5000
LOCAL FIX AS REPORTED BY ORIGINATOR:
ln -s /etc/passwd /tmp/fwlsuser.$x
# rm /tmp/fwlsuser.$x
IBM AIX eNetwork Firewall Insecure Temporary File Creation
Local Access Required
Loss of Integrity
AIX eNetwork Firewall contains a flaw that may allow a local user to overwrite or append to arbitrary files. The issue is due to a number of insecure calls to the /tmp directory for file creation. If an attacker creates a symlink before the scripts are run, they can overwrite or append data to any file on the system.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.