AIX 6.1 TL 9 : xorg (IJ11000)

High Nessus Plugin ID 119626

VPR Score: 7.4

Synopsis

The remote AIX host is missing a security patch.

Description

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14665

The X.Org X server could allow a remote authenticated attacker to gain elevated privileges on the system because of improper validation of command-line parameters. An attacker could exploit this vulnerability using the -modulepath argument or the -logfile argument to overwrite arbitrary files and execute unprivileged code on the system.

Solution

Install the appropriate interim fix.

See Also

http://aix.software.ibm.com/aix/efixes/security/xorg_advisory3.asc

Plugin Details

Severity: High

ID: 119626

File Name: aix_IJ11000.nasl

Version: 1.8

Type: local

Published: 2018/12/13

Updated: 2019/04/25

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 7.4

Vulnerability Information

CPE: cpe:/o:ibm:aix:6.1

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/12/11

Vulnerability Publication Date: 2018/12/11

Exploitable With

Metasploit (Xorg X11 Server SUID logfile Privilege Escalation)

Reference Information

CVE: CVE-2018-14665