AIX : Multiple Vulnerabilities (IJ54679)

high Nessus Plugin ID 237755

Synopsis

The remote AIX host is missing a security patch.

Description

The version of AIX installed on the remote host is prior to APAR IJ54679. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ54679 advisory.

- A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits), whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows a write of about 'size' many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash. (CVE-2017-9047)

- libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. (CVE-2025-24928)

- libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. (CVE-2025-27113)

- libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. (CVE-2024-56171)
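The stale-length check described for CVE-2017-9047, shown next to a hardened form. This is an added example, not libxml2 source and not part of the advisory: the function names, the 16-byte buffer and the sample strings are constructed, and the model simplifies the real function to a single prefix-plus-name append.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model (constructed): append "prefix:" and then name to buf of
 * capacity size. Precondition: buf is NUL-terminated within size bytes. */

/* Stale check: returns how many bytes past the end of buf the name would
 * land if both checks pass. It only computes; it performs no write. */
size_t stale_check_overrun(const char *buf, size_t size,
                           const char *prefix, const char *name)
{
    size_t len = strlen(buf);            /* measured once */
    size_t used = len;                   /* real fill level */
    size_t nlen = strlen(name);
    if (prefix != NULL) {
        size_t plen = strlen(prefix);
        if (size - len < plen + 2) return 0;   /* prefix + ':' + NUL */
        used += plen + 1;                /* buf grew, len did not */
    }
    if (size - len < nlen + 1) return 0; /* BUG: compares against stale len */
    return used + nlen + 1 > size ? used + nlen + 1 - size : 0;
}

/* Hardened form: refresh len after every append, roll back on failure. */
int append_checked(char *buf, size_t size, const char *prefix, const char *name)
{
    size_t start = strlen(buf), len = start, nlen = strlen(name);
    if (prefix != NULL) {
        size_t plen = strlen(prefix);
        if (size - len < plen + 2) return -1;
        memcpy(buf + len, prefix, plen);
        buf[len + plen] = ':';
        len += plen + 1;                 /* keep len in step with buf */
        buf[len] = '\0';
    }
    if (size - len < nlen + 1) {         /* checked against current length */
        buf[start] = '\0';               /* undo the prefix */
        return -1;
    }
    memcpy(buf + len, name, nlen + 1);   /* copies the terminating NUL */
    return 0;
}

int main(void)
{
    char buf[16] = "";                   /* constructed sample input */
    printf("stale check overrun: %zu bytes\n",
           stale_check_overrun(buf, sizeof buf, "abcdefghij", "klmnopqrst"));
    return 0;
}
```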

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Please apply the appropriate interim fix per APAR IJ54679.

See Also

https://www.ibm.com/support/pages/node/7235623

https://www.ibm.com/support/pages/apar/IJ54679

Plugin Details

Severity: High

ID: 237755

File Name: aix_IJ54679.nasl

Version: 1.1

Type: local

Published: 6/4/2025

Updated: 6/4/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.1

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2017-9047

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2025-27113

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/AIX/version, Host/AIX/lslpp

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/4/2025

Vulnerability Publication Date: 5/18/2017

Reference Information

CVE: CVE-2017-9047, CVE-2024-56171, CVE-2025-24928, CVE-2025-27113