CVE-2007-0392

2007-01-19T18:28:00
ID CVE-2007-0392
Type cve
Reporter NVD
Modified 2018-10-16T12:32:28

Description

IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.