There are multiple vulnerabilities in AIX 6.1: a) If the netcd daemon is running, a buffer overflow is created in the setuid root program /usr/sbin/ndp, resulting in privilege escalation. Track with the following APAR numbers: IZ35181 IZ35170 IZ35209. b) There is a buffer overflow in the privileged command /usr/sbin/autoconf6, resulting privilege escaltion if RBAC (role based access control) is in use and a user has the aix.network.config.tcpip authorization.. Track with the following APAR numbers: IZ34753 IZ34393 IZ30231. c) The privileged command /usr/bin/enq can remove any file on the system if a print queue is defined in /etc/qconfig. . Track with the following APAR numbers: IZ34785 IZ34481 IZ33088. d) The privileged command /usr/bin/crontab grants elevated privileges to the editor if a user has the aix.system.config.cron authorization. Track with the following APAR numbers: IZ34783 IZ34478 IZ30248. The following files are vulnerable: /usr/sbin/ndp /usr/sbin/autoconf6 /usr/bin/enq /usr/bin/crontab
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center