CVE-2007-5804 Information

Description

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the -p option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file’s name as the argument.

Reference

ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611
http://secunia.com/advisories/27437
http://www.securityfocus.com/bid/26258
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=2F2007102FSECURITY2F200710302Fdatafile100405
https://exchange.xforce.ibmcloud.com/vulnerabilities/38154
