CVE-2007-5805

2007-11-05T17:46:00
ID CVE-2007-5805
Type cve
Reporter cve@mitre.org
Modified 2017-07-29T01:33:00

Description

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.