IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
References
Configurations
Information
Published : 2007-01-19 15:28
Updated : 2018-10-16 09:32
NVD link : CVE-2007-0392
Mitre link : CVE-2007-0392
JSON object : View
CWE
Products Affected
ibm
- aix