PT-2007-6770 · IBM · IBM AIX

Published 2007-11-05 · Updated 2017-07-29 · CVE-2007-5805

CVSS v2.0: 6.9 (Medium)

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IBM AIX versions 5.2 through 5.3

Description

The issue is in cfgcon in IBM AIX, which does not properly validate the argument to the "-p" option of swcons. This allows local users in the system group to create an arbitrary file and make that file world-writable through a symlink attack that uses the file's name as the argument.

Recommendations

For IBM AIX versions 5.2 through 5.3, consider restricting access to the swcons command with the "-p" option to prevent arbitrary file creation and modification. As a temporary workaround, consider disabling the use of the "-p" option in swcons until a proper fix is applied.

Fix

Link Following

Weakness Enumeration

Related Identifiers

CVE-2007-5805

Affected Products

IBM AIX