First published: Fri Jan 19 2007(Updated: )
IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
IBM AIX | =5.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.