CVE-2007-5804

Sažetak

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.

Reference

ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611
http://secunia.com/advisories/27437
http://www.securityfocus.com/bid/26258
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405
https://exchange.xforce.ibmcloud.com/vulnerabilities/38154

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-07-2017 - 01:33

Objavljeno

05-11-2007 - 17:46