CVE-2007-0392

Name of the Vulnerable Software and Affected Versions: IBM AIX version 5.3

Description: The issue allows local users to gain privileges by exploiting a flaw in how file descriptors are verified before setuid execution. This can be achieved by closing file descriptor 0, 1, or 2 and then invoking a setuid program.

Recommendations: For IBM AIX version 5.3, consider restricting the invocation of setuid programs to minimize the risk of exploitation. As a temporary workaround, ensure that file descriptors 0, 1, and 2 are properly handled before executing setuid programs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.