CVE Vulnerability

CVE-2008-4018

swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805.

7.2 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www.ibm.com/support/docview.wss?uid=isg1IZ18341
http://aix.software.ibm.com/aix/efixes/security/swcons_advisory.asc
http://www.ibm.com/support/docview.wss?uid=isg1IZ18338
http://www.ibm.com/support/docview.wss?uid=isg1IZ18335
http://www.securityfocus.com/bid/30999
http://secunia.com/advisories/31739
http://www.ibm.com/support/docview.wss?uid=isg1IZ28943
http://www.ibm.com/support/docview.wss?uid=isg1IZ18334
http://securitytracker.com/id?1020818
http://www.ibm.com/support/docview.wss?uid=isg1IZ18339
http://www.vupen.com/english/advisories/2008/2490
https://exchange.xforce.ibmcloud.com/vulnerabilities/44903
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5932
Configurations

Configuration 1

cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
Information

Published : 2008-09-11 01:13

Updated : 2017-09-29 01:31

NVD link : CVE-2008-4018

Mitre link : CVE-2008-4018

Products Affected
No products.
CWE
CWE-264