| CVE-2007-5805 | Date: (C)2007-11-05 (M)2023-12-22 |
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.
CVSS Score and Metrics +CVSS Score and Metrics -| CVSS V2 Severity: |
| CVSS Score : 6.9 |
| Exploit Score: 3.4 |
| Impact Score: 10.0 |
| |
| CVSS V2 Metrics: |
| Access Vector: LOCAL |
| Access Complexity: MEDIUM |
| Authentication: NONE |
| Confidentiality: COMPLETE |
| Integrity: COMPLETE |
| Availability: COMPLETE |
| | |
