CVE-2008-4018

high

Description

swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5932

https://exchange.xforce.ibmcloud.com/vulnerabilities/44903

http://www.vupen.com/english/advisories/2008/2490

http://www.securityfocus.com/bid/30999

http://www.ibm.com/support/docview.wss?uid=isg1IZ28943

http://www.ibm.com/support/docview.wss?uid=isg1IZ18341

http://www.ibm.com/support/docview.wss?uid=isg1IZ18339

http://www.ibm.com/support/docview.wss?uid=isg1IZ18338

http://www.ibm.com/support/docview.wss?uid=isg1IZ18335

http://www.ibm.com/support/docview.wss?uid=isg1IZ18334

http://securitytracker.com/id?1020818

http://secunia.com/advisories/31739

http://aix.software.ibm.com/aix/efixes/security/swcons_advisory.asc

Details

Source: Mitre, NVD

Published: 2008-09-11

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High