AIX 7.1 TL 2 : wparcre (IV51421)

Medium Nessus Plugin ID 72927

Synopsis

The remote AIX host is missing a security patch.

Description

If ftpd is run in a 5.2 or 5.3 WPAR, a non-root user who logs in via ftp is allowed to access all files within the WPAR.

Solution

Install the appropriate interim fix.

See Also

http://www.nessus.org/u?583faf6d

http://aix.software.ibm.com/aix/efixes/security/wparcre_advisory.asc

Plugin Details

Severity: Medium

ID: 72927

File Name: aix_IV51421.nasl

Version: $Revision: 1.1 $

Type: local

Published: 2014/03/11

Modified: 2014/03/11

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:ibm:aix:7.1

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/03/06

Vulnerability Publication Date: 2014/03/06

Reference Information

CVE: CVE-2014-0899

BID: 66051

OSVDB: 104101