Title: IBM AIX 'swcons' Insecure File Creation Vulnerability
Severity: MODERATE
Description:
AIX 'swcons' is a utility for temporarily redirecting system console output to a specified device or file.
The utility is prone to a vulnerability that lets attackers create root-owned files that have insecure permissions. This issue is related to the issue discussed in BID 26258.
Currently very few technical details are available. We will update this BID as more information emerges.
Local attackers can exploit this issue to execute arbitrary code with superuser privileges. Note that to run the 'swcons' utility, local users must belong to the 'system' group.
This issue affects AIX 5.2, 5.3, and 6.1; fixes are available.
Affected Products:
- IBM AIX 5.2
- IBM AIX 5.3
- IBM AIX 6.1
References:
- IBM: AIX Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
