CVE-2007-5804: Link Following in IBM AIX

CWE-59: Link Following | 6 documents | 3 sources
Severity: 6.9 MEDIUM (NVD)
EPSS: 0.1% (top 84.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Nov 5
Latest update: May 3

Description

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.

CVSS vector

AV:L/AC:M/C:C/I:C/A:C | Exploitability: 3.4 | Impact: 10.0

Affected Packages (1 package)

NVD: ibm/aix 5.2, 5.3 +1

Patches

Vulnerability Details (4)

GHSA | GHSA-m77g-9r5h-645w: cfgcon in IBM AIX 5 | 2022-05-03
GHSA | GHSA-wjg4-7q94-8q6c: cfgcon in IBM AIX 5 | 2022-05-03
CVEList | CVE-2007-5805: cfgcon in IBM AIX 5 | 2007-11-05
CVEList | CVE-2007-5804: cfgcon in IBM AIX 5 | 2007-11-05