CVE-2007-5804
First published: Mon Nov 05 2007(Updated: )
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM AIX | =5.3 | |
| IBM AIX | =5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611
- http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405
- http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055
- http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061
- http://www.securityfocus.com/bid/26258
- http://secunia.com/advisories/27437
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38154
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/ibm
- canonical/ibm aix
- version/ibm aix/5.3
- version/ibm aix/5.2