AIX 5.2 TL 0 : swcons (IZ18335)

A file permission/ownership vulnerability exists in the 'bos.rte.console' fileset command listed below whereby a local attacker may create arbitrary contents within a file owned by root using the 'swcons' command. The local attacker must be a member of the 'system' group gid=0 to execute this...

AIX 5.3 TL 7 : swcons (IZ18338)

A file permission/ownership vulnerability exists in the 'bos.rte.console' fileset command listed below whereby a local attacker may create arbitrary contents within a file owned by root using the 'swcons' command. The local attacker must be a member of the 'system' group gid=0 to execute this...

AIX 5.3 TL 0 : swcons (IZ18339)

A file permission/ownership vulnerability exists in the 'bos.rte.console' fileset command listed below whereby a local attacker may create arbitrary contents within a file owned by root using the 'swcons' command. The local attacker must be a member of the 'system' group gid=0 to execute this...

AIX 5.3 TL 8 : swcons (IZ18334)

A file permission/ownership vulnerability exists in the 'bos.rte.console' fileset command listed below whereby a local attacker may create arbitrary contents within a file owned by root using the 'swcons' command. The local attacker must be a member of the 'system' group gid=0 to execute this...

AIX 6.1 TL 1 : swcons (IZ28943)

A file permission/ownership vulnerability exists in the 'bos.rte.console' fileset command listed below whereby a local attacker may create arbitrary contents within a file owned by root using the 'swcons' command. The local attacker must be a member of the 'system' group gid=0 to execute this...

Design/Logic Flaw

swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exis...

CVE-2008-4018

swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exis...

IBM AIX 'swcons'不安全文件建立漏洞

BUGTRAQ ID: 30999 CNCAN ID：CNCAN-2008090411 IBM AIX是一款商业性质的操作系统。 IBM AIX 'swcons'不安全建立临时文件，本地攻击者可以利用漏洞以ROOT用户建立任意文件，可导致获得超级用户权限。 要运行'swcons'工具，必须本地用户属于'system'组成员。 IBM AIX 6.1 IBM AIX 5.3 IBM AIX 5.2 可参考如下补丁程序： IBM AIX 6.1 IBM IZ18341 http://www.ibm.com/support/docview.wss?uid=isg1IZ18341 IBM...

Design/Logic Flaw

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: thi...

IBM AIX Swcons任意文件访问漏洞

IBM AIX是一款商业性质的操作系统。 IBM AIX包含的swcons程序存在设计错误，本地攻击者可以利用漏洞访问系统任意文件。 swcons程序用于控制台记录临时记录在文件或设备中。swcons在处理-p选项时缺少过滤检查，如果用户使用-p选项指定文件，文件内容会被65,535字节未受控制数据覆盖，如果文件不存在，它会建立，文件也转换为222权限，允许所有用户修改，通过指定系统文件可导致拒绝服务或特权提升。 IBM AIX 5.3 IBM AIX 5.2 补丁下载： IBM AIX 5.2 IBM cfgconifix.tar...

iDefense Security Advisory 10.30.07: IBM AIX swcons Local Arbitrary File Access Vulnerability

IBM AIX swcons Local Arbitrary File Access Vulnerability iDefense Security Advisory 10.30.07 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 30, 2007 I. BACKGROUND The swcons program is a set-uid root application which is installed by default on IBM AIX. It allows for console logs to b...

Buffer overflow

Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-2007-0978...

CVE-2007-4791

Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-2007-0978...

Buffer overflow

Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data...

CVE-2007-0978

CVE-2007-0978 affects IBM AIX 5.3; a buffer overflow in the swcons component of bos.rte.console allows local users to gain privileges via long input data. The root cause is a buffer overflow in the swcons command. Reported impact is local privilege escalation; exploitation details are not provide...

CVE-2007-0978

Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data...

CVE-2005-3504

CVE-2005-3504 is a buffer overflow in swcons within IBM AIX 5.2 (with debug malloc enabled) that could allow a remote attacker to trigger a core dump and potentially execute arbitrary code. The connected documents corroborate the affected component (swcons) and the underlying cause (buffer overfl...

CVE-2005-3504

Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled, allows remote attackers to cause a core dump and possibly execute arbitrary code...

CVE-2005-2237

Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments...

CVE-2005-2237

Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments...