Vulnerability Name:

CVE-2007-5805 (CCN-38154)

Assigned:2007-10-25
Published:2007-10-25
Updated:2017-07-29
Summary:cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument.
Note: this issue is due to an incomplete fix for CVE-2007-5804.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-59
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: IBM AIX FTP site
IBM AIX

Source: CONFIRM
Type: Patch
ftp://aix.software.ibm.com/aix/efixes/security/cfgcon_ifix.tar

Source: MITRE
Type: CNA
CVE-2007-5804

Source: MITRE
Type: CNA
CVE-2007-5805

Source: IDEFENSE
Type: UNKNOWN
20071030 IBM AIX swcons Local Arbitrary File Access Vulnerability

Source: CCN
Type: SA27437
IBM AIX Multiple Privilege Escalation Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
27437

Source: AIXAPAR
Type: UNKNOWN
IZ03055

Source: CCN
Type: IBM APAR IZ03055
POTENTIAL SECURITY ISSUE.

Source: AIXAPAR
Type: UNKNOWN
IZ03061

Source: CCN
Type: IBM APAR IZ03061
POTENTIAL SECURITY ISSUE.

Source: CCN
Type: OSVDB ID: 40401
IBM AIX cfgcon swcons -p Argument Symlink Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 47911
IBM AIX swcons Command Local Privilege Escalation

Source: BID
Type: Patch
26258

Source: CCN
Type: BID-26258
IBM AIX Swcons Arbitrary File Access Vulnerability

Source: CONFIRM
Type: Patch
http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX53&path=%2F200710%2FSECURITY%2F20071030%2Fdatafile100405

Source: CCN
Type: IBM SECURITY ADVISORY
AIX swcons file ownership/permission vulnerability

Source: XF
Type: UNKNOWN
aix-swcons-insecure-permissions(38154)

Source: XF
Type: UNKNOWN
aix-swcons-insecure-permissions(38154)

Source: CCN
Type: iDefense PUBLIC ADVISORY: 10.30.07
IBM AIX swcons Local Arbitrary File Access Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/o:ibm:aix:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:5.3:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:ibm:aix:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:5.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ibm aix 5.2
    ibm aix 5.3
    ibm aix 5.2
    ibm aix 5.3