AIX 7.1 TL 1 : ftp (IV28787)

Medium Nessus Plugin ID 63742

Synopsis

The remote AIX host is missing a security patch.

Description

The root owned files can be read by non-root users only when the directory permissions are set allowed for non-root users. For example, a non-root user won't be able to read anything under /etc/security, but can read files like /etc/rc.wpars under ftp.

Solution

Install the appropriate interim fix.

See Also

http://aix.software.ibm.com/aix/efixes/security/ftp_advisory1.asc

Plugin Details

Severity: Medium

ID: 63742

File Name: aix_IV28787.nasl

Version: $Revision: 1.7 $

Type: local

Published: 2013/01/24

Modified: 2013/08/25

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Vulnerability Information

CPE: cpe:/o:ibm:aix:7.1

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Patch Publication Date: 2012/10/18

Vulnerability Publication Date: 2012/10/18

Reference Information

CVE: CVE-2012-4845