cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.
CVSS Score
6.9
EPSS Score
0.001
Published
2007-11-05
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.
CVSS Score
6.9
EPSS Score
0.0
Published
2007-11-05
Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command.
CVSS Score
7.2
EPSS Score
0.001
Published
2007-11-05
Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.
CVSS Score
7.2
EPSS Score
0.002
Published
2007-11-05
Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain privileges via long command line arguments.
CVSS Score
7.2
EPSS Score
0.001
Published
2007-11-05
Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig.
CVSS Score
7.2
EPSS Score
0.001
Published
2007-11-05
Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.
CVSS Score
7.2
EPSS Score
0.001
Published
2007-11-05
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
CVSS Score
7.6
EPSS Score
0.097
Published
2007-09-18
Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-2007-0978.
CVSS Score
7.2
EPSS Score
0.0
Published
2007-09-10
Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.
CVSS Score
7.2
EPSS Score
0.001
Published
2007-09-10