Vulnerability Description
IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Aix | 5.3 |
References
- http://www.securityfocus.com/archive/1/457279/100/0/threaded
- http://www.securityfocus.com/archive/1/457315/100/0/threaded
- http://www.securityfocus.com/archive/1/457279/100/0/threaded
- http://www.securityfocus.com/archive/1/457315/100/0/threaded
FAQ
What is CVE-2007-0392?
CVE-2007-0392 is a vulnerability with a CVSS score of 4.6 (MEDIUM). IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setui...
How severe is CVE-2007-0392?
CVE-2007-0392 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0392?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Aix.