Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.9
CVE Id CVE-2007-5804
Last Modified 10 Sep 2008 09:02:12
Published 05 Nov 2007 12:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5804

Summary

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.

Vulnerable Systems

Operating System

  • IBM AIX 5.2

  • IBM AIX 5.3


References

CONFIRM - http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405

BID - 26258

CONFIRM - ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar

XF - aix-swcons-insecure-permissions(38154)

AIXAPAR - IZ03061

AIXAPAR - IZ03055

SECUNIA - 27437

IDEFENSE - 20071030 IBM AIX swcons Local Arbitrary File Access Vulnerability


Last Updated: 27 May 2016 10:46:17