PT-2007-6769 · IBM · IBM AIX
Published 2007-11-05 · Updated 2017-07-29 · CVE-2007-5804
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
IBM AIX versions 5.2 through 5.3
Description
The issue allows local users in the system group to create or overwrite an arbitrary file and enable world writability of this file by using the file's name as the argument to the "-p" option in swcons.
Recommendations
For IBM AIX versions 5.2 through 5.3, consider restricting access to the swcons command and the cfgcon utility to prevent unauthorized file creation or modification. As a temporary workaround, consider disabling the use of the "-p" option in swcons until a proper fix is available.
Fix
Related Identifiers
Affected Products
IBM AIX