CVE-2008-4018

EUVD-2008-4003
swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors.  NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
ibmaix
5.2
ibmaix
5.3
ibmaix
6.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://aix.software.ibm.com/aix/efixes/security/swcons_advisory.asc
http://secunia.com/advisories/31739
http://securitytracker.com/id?1020818
http://www.ibm.com/support/docview.wss?uid=isg1IZ18334
http://www.ibm.com/support/docview.wss?uid=isg1IZ18335
http://www.ibm.com/support/docview.wss?uid=isg1IZ18338
http://www.ibm.com/support/docview.wss?uid=isg1IZ18339
http://www.ibm.com/support/docview.wss?uid=isg1IZ18341
http://www.ibm.com/support/docview.wss?uid=isg1IZ28943
http://www.securityfocus.com/bid/30999
http://www.vupen.com/english/advisories/2008/2490
https://exchange.xforce.ibmcloud.com/vulnerabilities/44903
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5932
http://aix.software.ibm.com/aix/efixes/security/swcons_advisory.asc
http://secunia.com/advisories/31739
http://securitytracker.com/id?1020818
http://www.ibm.com/support/docview.wss?uid=isg1IZ18334
http://www.ibm.com/support/docview.wss?uid=isg1IZ18335
http://www.ibm.com/support/docview.wss?uid=isg1IZ18338
http://www.ibm.com/support/docview.wss?uid=isg1IZ18339
http://www.ibm.com/support/docview.wss?uid=isg1IZ18341
http://www.ibm.com/support/docview.wss?uid=isg1IZ28943
http://www.securityfocus.com/bid/30999
http://www.vupen.com/english/advisories/2008/2490
https://exchange.xforce.ibmcloud.com/vulnerabilities/44903
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5932