6.9

CVE-2007-5804

EPSS 0.05%
Published 05.11.2007 17:46:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Ibm ≫ Aix Version5.2

Ibm ≫ Aix Version5.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.124

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/27437

ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar

Patch

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611

http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055

http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061

http://www.securityfocus.com/bid/26258

Patch

http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/38154

https://nvd.nist.gov/vuln/detail/CVE-2007-5804

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5804

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5804

EUVD