AIX 5.2 TL 0 : kernel (IZ16992)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote AIX host is missing a security patch.

Description :

There are multiple vulnerabilities in the AIX kernel :

a) A 64-bit process that is restarted via the checkpoint and restart
feature will gain read and write access to certain areas of kernel
memory, resulting in execution of arbitrary code. Track with the
following APAR numbers: IZ16992, IZ17111, IZ11820, IZ12794.

b) Remote nodes of a concurrent volume group may crash after
a single node reduces the size of a JFS2 filesystem residing
on the concurrent volume group, resulting in a denial of
service. Track with the following APAR numbers: IZ05246,
IZ04953, IZ04946.

c) The proc filesystem does not enforce directory access
controls correctly when the permission on a directory is
more restrictive than permission on the currently executing
file in that directory, resulting in information leakage.
Track with the following APAR numbers: IZ06022, IZ06663,
IZ06505.

d) Trusted Execution fails to protect files when the
modifications are made via hard links. Affects AIX 6.1 only.
Track with the following APAR number: IZ13418

e) Some WPAR specific system calls may cause undefined
behavior, possibly resulting in a denial of service. Affects
AIX 6.1 only. Track with the following APAR numbers:
IZ13392, IZ13346

f) A user with enough privileges to run ProbeVue can read
from any kernel memory address, resulting in information
leakage. Affects AIX 6.1 only. Track with the following APAR
number: IZ09545

The following files are vulnerable :

/usr/lib/boot/unix_64 /usr/lib/boot/unix_mp
/usr/lib/boot/unix_up /usr/lib/drivers/hd_pin
/usr/sbin/lreducelv

The fixes below include the fixes for all of the above
APARs.

See also :

http://aix.software.ibm.com/aix/efixes/security/kernel_advisory.asc

Solution :

Install the appropriate interim fix.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: AIX Local Security Checks

Nessus Plugin ID: 64316 ()

Bugtraq ID:

CVE ID: CVE-2008-1593

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now