Lucene search

[email protected]CVE-2007-5804

HistoryNov 05, 2007 - 5:46 p.m.

CVE-2007-5804

2007-11-0517:46:00

[email protected]

web.nvd.nist.gov

ibm aix

cfgcon

local users

arbitrary files

vulnerability

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the “-p” option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file’s name as the argument.

Affected configurations

NVD

Node

ibmaixMatch5.2

ibmaixMatch5.3

CPENameOperatorVersion
ibm:aixibm aixeq5.2
ibm:aixibm aixeq5.3

CPE	Name	Operator	Version
ibm:aix	ibm aix	eq	5.2
ibm:aix	ibm aix	eq	5.3

References

ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar

labs.idefense.com/intelligence/vulnerabilities/display.php?id=611

secunia.com/advisories/27437

www-1.ibm.com/support/docview.wss?uid=isg1IZ03055

www-1.ibm.com/support/docview.wss?uid=isg1IZ03061

www.securityfocus.com/bid/26258

www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405

exchange.xforce.ibmcloud.com/vulnerabilities/38154

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-5804

nvd2 cvelist2 prion2 cve1