AIX coverage: See what you need to see

Last updated at Sat, 19 Aug 2017 02:49:09 GMT

In a huge refinement to IBM AIX vulnerability coverage, Nexpose version 5.10.8 and later scans AIX machines for a specific set of patches related to known vulnerabilities. This more focused approach provides easier management of AIX machines by allowing you to see very quickly how affected systems are vulnerable and which solutions need to be applied.

As Nexpose searches only for vulnerabilities, the scans are significantly faster. This allows you to stay up to date with the published vulnerabilities in your AIX systems and quickly and efficiently patch these issues. In addition, the generated vulnerability checks have a level of sophistication that makes them very precise.

The following is an example of a Nexpose vulnerability check generated for AIX version 7.1. As you can see, this vulnerability returns over several versions of the product:

<?xml version="1.0" encoding="UTF-8"?>
<VulnerabilityCheck id="aix-7.1-syscall_advisory" scope="node" version="1.0">
  <System>
    <OS vendor="IBM" name="AIX">
      <version>
        <value>7.1</value>
      </version>
    </OS>
  </System>
  <InstalledSoftware>
    <Product name="bos.rte.tty" vendor="IBM">
      <version>
        <range>
          <low inclusive="1">5.3.12.0</low>
          <high inclusive="1">5.3.12.4</high>
        </range>
      </version>
      <version>
        <range>
          <low inclusive="1">6.1.6.0</low>
          <high inclusive="1">6.1.6.19</high>
        </range>
      </version>
      <version>
        <range>
          <low inclusive="1">6.1.7.0</low>
          <high inclusive="1">6.1.7.16</high>
        </range>
      </version>
      <version>
        <range>
          <low inclusive="1">7.1.0.0</low>
          <high inclusive="1">7.1.0.18</high>
        </range>
      </version>
      <version>
        <range>
          <low inclusive="1">7.1.1.0</low>
          <high inclusive="1">7.1.1.16</high>
        </range>
      </version>
    </Product>
  </InstalledSoftware>
</VulnerabilityCheck>

This allows Nexpose to scan for a vulnerability across the range of versions in this installed product. For example, bos.rte.tty is vulnerable from 5.3.12.0 to 5.3.12.4, 6.1.6.0 to 6.1.6.19, 6.1.7.0 to 6.1.7.16, 7.1.0.0 to 7.1.0.18 and 7.1.1.0 to 7.1.1.16. The ability to have a number of ranges with safe patch levels in between is vital, as updating to the highest patch level is not always feasible. This system of multiple ranges, and the ability to mark the upper and lower limit as inclusive or non-inclusive prevents false positives and false negatives.