CVE-2007-5805 - Vulnerability Details - OpenCVE

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix

Configuration 1 [-]

OR	cpe:2.3:o:ibm:aix:5.2:::::::*
	cpe:2.3:o:ibm:aix:5.3:::::::*

No data.

References

Link	Providers
ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611
http://secunia.com/advisories/27437
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061
http://www.securityfocus.com/bid/26258
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405
https://exchange.xforce.ibmcloud.com/vulnerabilities/38154

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-11-05T17:00:00

Updated: 2024-08-07T15:47:00.293Z

Reserved: 2007-11-05T00:00:00

Link: CVE-2007-5805

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-11-05T17:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-5805

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-25T00:00:00", "descriptions": [{"lang": "en", "value": "cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the \"-p\" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "aix-swcons-insecure-permissions(38154)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38154"}, {"name": "27437", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27437"}, {"name": "26258", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26258"}, {"name": "IZ03055", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055"}, {"tags": ["x_refsource_CONFIRM"], "url": "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar"}, {"name": "IZ03061", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061"}, {"name": "20071030 IBM AIX swcons Local Arbitrary File Access Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5805", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the \"-p\" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "aix-swcons-insecure-permissions(38154)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38154"}, {"name": "27437", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27437"}, {"name": "26258", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26258"}, {"name": "IZ03055", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055"}, {"name": "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar", "refsource": "CONFIRM", "url": "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar"}, {"name": "IZ03061", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061"}, {"name": "20071030 IBM AIX swcons Local Arbitrary File Access Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611"}, {"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405", "refsource": "CONFIRM", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:47:00.293Z"}, "title": "CVE Program Container", "references": [{"name": "aix-swcons-insecure-permissions(38154)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38154"}, {"name": "27437", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27437"}, {"name": "26258", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26258"}, {"name": "IZ03055", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar"}, {"name": "IZ03061", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061"}, {"name": "20071030 IBM AIX swcons Local Arbitrary File Access Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5805", "datePublished": "2007-11-05T17:00:00", "dateReserved": "2007-11-05T00:00:00", "dateUpdated": "2024-08-07T15:47:00.293Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "17EECCCB-D7D1-439A-9985-8FAE8B44487B", "vulnerable": true}, {"criteria": "cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the \"-p\" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804."}, {"lang": "es", "value": "cfgcon de IBM AIX 5.2 and 5.3 no valida apropiadamente el argumento de la opci\u00f3n \"-p\" en swcons, lo cual permite a usuarios locales en el grupo del sistema crear un fichero de su elecci\u00f3n, y habilitar la escritura de todos en este fichero, a trav\u00e9s de un enlace simb\u00f3lico involucrando el uso del nombre del fichero como argumento.\r\nNOTA: este asunto se debe a un parche incompleto para CVE-2007-5804."}], "id": "CVE-2007-5805", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-11-05T17:46:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar"}, {"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27437"}, {"source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055"}, {"source": "cve@mitre.org", "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/26258"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38154"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=611"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27437"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03061"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/26258"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38154"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}