1. Home
  2. CVE Database
  3. CVE-2007-5805
MEDIUM · 6.9

CVE-2007-5805

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writabili...

Vulnerability Description

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.

CVSS Score

6.9

MEDIUM

AV:L/AC:M/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
IbmAix5.2

Related Weaknesses (CWE)

CWE-59

References

FAQ

What is CVE-2007-5805?

CVE-2007-5805 is a vulnerability with a CVSS score of 6.9 (MEDIUM). cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writabili...

How severe is CVE-2007-5805?

CVE-2007-5805 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-5805?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Aix.