6.9
CVE-2007-5804
- EPSS 0.31%
- Veröffentlicht 05.11.2007 17:46:00
- Zuletzt bearbeitet 16.06.2026 22:46:51
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.222 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
http://secunia.com/advisories/27437
ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061
http://www.securityfocus.com/bid/26258
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405
https://exchange.xforce.ibmcloud.com/vulnerabilities/38154