Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2007-5805

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.8%
CVSS Severity
CVSS v2 Score 6.9
References
Products affected by CVE-2007-5805
  • Ibm » Aix » Version: 5.2
    cpe:2.3:o:ibm:aix:5.2
  • Ibm » Aix » Version: 5.3
    cpe:2.3:o:ibm:aix:5.3


Contact Us

Shodan ® - All rights reserved