AIX NAS Advisory : nas_advisory2.asc
Low Nessus Plugin ID 81022
Synopsis
The remote AIX host has a version of NAS installed that is affected by an information disclosure vulnerability.
Description
The version of the Network Authentication Service (NAS) installed on the remote AIX host is affected by a vulnerability related to Kerberos 5 which allows authenticated users to retrieve current keys, which can be used to forge tickets.
Solution
A fix is available and can be downloaded from the AIX website.
If the NAS fileset level is below 184.108.40.206, then install version 220.127.116.11.
If the NAS fileset level is at 18.104.22.168 through 22.214.171.124, then install version 126.96.36.199. The 1.6.0.X branch is a separate release branch for the NAS SPNEGO feature.
To extract the fixes from the tar file, use the command :
zcat NAS_1.X.0.X_aix_image.tar.Z | tar xvf -
IMPORTANT : If possible, it is recommended that a mksysb backup of the system be created. Verify that it is both bootable and readable before proceeding.
To preview the fix installation, use the command :
installp -a -d fix_name -p all
To install the fix package, use the command :
installp -a -d fix_name -X all