CVE-2007-6680 - Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block

CVE-2007-6680

Summary

Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy.

References

http://secunia.com/advisories/28257
http://www.securityfocus.com/bid/27177
http://www.securitytracker.com/id?1019158
http://www.vupen.com/english/advisories/2008/0060
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ12119

Vulnerable Configurations

cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 08-03-2011 - 03:03)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:P/A:N

refmap via4

aixapar	IZ12119
bid	27177
sectrack	1019158
secunia	28257
vupen	ADV-2008-0060

Last major update

08-03-2011 - 03:03

Published

10-01-2008 - 23:46

Last modified

08-03-2011 - 03:03