CVE-2007-5805

by Fred · 05/11/2007

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file’s name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.

Date published : 2007-11-05

http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055

http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061

CVE-2007-5805

Similar

Recent Posts

Categories

CVE-2007-5805

Share this:

Similar

Recent Posts

Categories

Tags