6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
6.3 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the “-p” option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file’s name as the argument.
ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar
labs.idefense.com/intelligence/vulnerabilities/display.php?id=611
secunia.com/advisories/27437
www-1.ibm.com/support/docview.wss?uid=isg1IZ03055
www-1.ibm.com/support/docview.wss?uid=isg1IZ03061
www.securityfocus.com/bid/26258
www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405
exchange.xforce.ibmcloud.com/vulnerabilities/38154