AIX 6.1 TL 0 : powerha (IV76943) (deprecated)

High Nessus Plugin ID 85943

Synopsis

This plugin has been deprecated.

Description

IBM PowerHA SystemMirror has a systems management feature (CSPOC) which includes an option to allow users to change their password cluster-wide. Once added to this list, a non-root user may be able to exploit a vulnerability in one of the scripts shipped with the product to switch user (su) to the root user.

This plugin has been deprecated and replaced with aix_powerha_advisory.nasl (plugin ID 94674) to more accurately check for multiple potential fixes.

Solution

n/a

See Also

http://aix.software.ibm.com/aix/efixes/security/powerha_advisory.asc

Plugin Details

Severity: High

ID: 85943

File Name: aix_IV76943.nasl

Version: $Revision: 2.5 $

Type: local

Published: 2015/09/16

Modified: 2016/11/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSSv2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:ibm:aix:6.1

Required KB Items: Host/AIX/lslpp, Host/local_checks_enabled, Host/AIX/version

Patch Publication Date: 2015/09/11

Vulnerability Publication Date: 2015/09/11

Reference Information

CVE: CVE-2015-5005