CVE-2007-5804

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-5804
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.

6.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar Patch
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611
http://secunia.com/advisories/27437
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061
http://www.securityfocus.com/bid/26258 Patch
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/38154
ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar Patch
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611
http://secunia.com/advisories/27437
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061
http://www.securityfocus.com/bid/26258 Patch
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/38154
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
History

21 Nov 2024, 00:38

Type Values Removed Values Added
References () ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar - Patch () ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar - Patch
References () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611 - () http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611 -
References () http://secunia.com/advisories/27437 - () http://secunia.com/advisories/27437 -
References () http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055 - () http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055 -
References () http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061 - () http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061 -
References () http://www.securityfocus.com/bid/26258 - Patch () http://www.securityfocus.com/bid/26258 - Patch
References () http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405 - Patch () http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405 - Patch
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/38154 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/38154 -
Information

Published : 2007-11-05 17:46

Updated : 2024-11-21 00:38

NVD link : CVE-2007-5804

Mitre link : CVE-2007-5804

CVE.ORG link : CVE-2007-5804

JSON object : View

Products Affected

ibm

  • aix
CWE
NVD-CWE-Other