AIX 7.1 TL 1 : wparcre (IV51420)

medium Nessus Plugin ID 72926

Synopsis

The remote AIX host is missing a security patch.

Description

If ftpd is run in a 5.2 or 5.3 WPAR, a non-root user who logs in via ftp is allowed to access all files within the WPAR.

Solution

Install the appropriate interim fix.

See Also

http://www.nessus.org/u?583faf6d

https://aix.software.ibm.com/aix/efixes/security/wparcre_advisory.asc

Plugin Details

Severity: Medium

ID: 72926

File Name: aix_IV51420.nasl

Version: 1.6

Type: local

Published: 3/11/2014

Updated: 4/21/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Vulnerability Information

CPE: cpe:/o:ibm:aix:7.1

Required KB Items: Host/local_checks_enabled, Host/AIX/version, Host/AIX/lslpp

Exploit Ease: No known exploits are available

Patch Publication Date: 3/6/2014

Vulnerability Publication Date: 3/6/2014

Reference Information

CVE: CVE-2014-0899

BID: 66051