AIX 7.1 TL 1 : wparcre (IV51420)

Medium Nessus Plugin ID 72926

Synopsis

The remote AIX host is missing a security patch.

Description

If ftpd is run in a 5.2 or 5.3 WPAR, a non-root user who logs in via ftp is allowed to access all files within the WPAR.

Solution

Install the appropriate interim fix.

See Also

http://www.nessus.org/u?583faf6d

http://aix.software.ibm.com/aix/efixes/security/wparcre_advisory.asc

Plugin Details

Severity: Medium

ID: 72926

File Name: aix_IV51420.nasl

Version: 1.3

Type: local

Published: 2014/03/11

Modified: 2018/06/29

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:ibm:aix:7.1

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/03/06

Vulnerability Publication Date: 2014/03/06

Reference Information

CVE: CVE-2014-0899

BID: 66051