QwikSec

Security Database

CVE

CWE

Training

CVE-2007-5805

Published: Nov 5, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

aix-swcons-insecure-permissions(38154)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_AIXAPAR

vendor-advisory

x_refsource_AIXAPAR

20071030 IBM AIX swcons Local Arbitrary File Access Vulnerability

third-party-advisory

x_refsource_IDEFENSE

http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.