Description
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.
References (8)
Core 8
Core References
Various Sources vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055
Various Sources vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38154
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27437
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26258
Patch x_refsource_confirm
ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar
Third Party Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611
Scores
EPSS
0.0031
EPSS Percentile
22.2%
Details
CWE
CWE-59
Status
published
Products (2)
ibm/aix
5.2
ibm/aix
5.3
Published
Nov 05, 2007
Tracked Since
Feb 18, 2026