CVE-2007-5804 - OpenCVE

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix

Configuration 1 [-]

OR	cpe:2.3:o:ibm:aix:5.2:::::::*
	cpe:2.3:o:ibm:aix:5.3:::::::*

No data.

References

Link	Providers
ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611
http://secunia.com/advisories/27437
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061
http://www.securityfocus.com/bid/26258
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405
https://exchange.xforce.ibmcloud.com/vulnerabilities/38154

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-11-05T17:00:00

Updated: 2024-08-07T15:47:00.214Z

Reserved: 2007-11-05T00:00:00

Link: CVE-2007-5804

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-11-05T17:46:00.000

Modified: 2017-07-29T01:33:52.943

Link: CVE-2007-5804

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-25T00:00:00", "descriptions": [{"lang": "en", "value": "cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the \"-p\" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "aix-swcons-insecure-permissions(38154)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38154"}, {"name": "27437", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27437"}, {"name": "26258", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26258"}, {"name": "IZ03055", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055"}, {"tags": ["x_refsource_CONFIRM"], "url": "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar"}, {"name": "IZ03061", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061"}, {"name": "20071030 IBM AIX swcons Local Arbitrary File Access Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5804", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the \"-p\" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "aix-swcons-insecure-permissions(38154)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38154"}, {"name": "27437", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27437"}, {"name": "26258", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26258"}, {"name": "IZ03055", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055"}, {"name": "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar", "refsource": "CONFIRM", "url": "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar"}, {"name": "IZ03061", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061"}, {"name": "20071030 IBM AIX swcons Local Arbitrary File Access Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611"}, {"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405", "refsource": "CONFIRM", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:47:00.214Z"}, "title": "CVE Program Container", "references": [{"name": "aix-swcons-insecure-permissions(38154)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38154"}, {"name": "27437", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27437"}, {"name": "26258", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26258"}, {"name": "IZ03055", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar"}, {"name": "IZ03061", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061"}, {"name": "20071030 IBM AIX swcons Local Arbitrary File Access Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5804", "datePublished": "2007-11-05T17:00:00", "dateReserved": "2007-11-05T00:00:00", "dateUpdated": "2024-08-07T15:47:00.214Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the \"-p\" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument."}, {"lang": "es", "value": "cfgcon en IBM AIX 5.2 y 5.3 no valida adecuadamente el argumento de la opci\u00f3n \"-p\" a swcons, lo cual permite a usuarios locales del grupo sysmtem crear o sobrescribir ficheros de su elecci\u00f3n, y habilitar el fichero para escritura para todo el mundo, utilizando el nombre de fichero como argumento."}], "id": "CVE-2007-5804", "lastModified": "2017-07-29T01:33:52.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-11-05T17:46:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar"}, {"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27437"}, {"source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055"}, {"source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/26258"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38154"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}