Vulnerability Description
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Aix | 5.2 |
References
- ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tarPatch
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611
- http://secunia.com/advisories/27437
- http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055
- http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061
- http://www.securityfocus.com/bid/26258Patch
- http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&headPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38154
- ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tarPatch
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611
- http://secunia.com/advisories/27437
- http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055
- http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061
- http://www.securityfocus.com/bid/26258Patch
- http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&headPatch
FAQ
What is CVE-2007-5804?
CVE-2007-5804 is a vulnerability with a CVSS score of 6.9 (MEDIUM). cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable wo...
How severe is CVE-2007-5804?
CVE-2007-5804 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5804?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Aix.