Rapid7 Vulnerability & Exploit Database

AIX 6.1.1 - aix61_advisory : AIX_61_multiple_security_vulnerabilities (IZ35170)

Back to Search

AIX 6.1.1 - aix61_advisory : AIX_61_multiple_security_vulnerabilities (IZ35170)

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
11/26/2008
Created
07/25/2018
Added
10/02/2014
Modified
10/02/2014

Description

There are multiple vulnerabilities in AIX 6.1: a) If the netcd daemon is running, a buffer overflow is created in the setuid root program /usr/sbin/ndp, resulting in privilege escalation. Track with the following APAR numbers: IZ35181 IZ35170 IZ35209. b) There is a buffer overflow in the privileged command /usr/sbin/autoconf6, resulting privilege escaltion if RBAC (role based access control) is in use and a user has the aix.network.config.tcpip authorization.. Track with the following APAR numbers: IZ34753 IZ34393 IZ30231. c) The privileged command /usr/bin/enq can remove any file on the system if a print queue is defined in /etc/qconfig. . Track with the following APAR numbers: IZ34785 IZ34481 IZ33088. d) The privileged command /usr/bin/crontab grants elevated privileges to the editor if a user has the aix.system.config.cron authorization. Track with the following APAR numbers: IZ34783 IZ34478 IZ30248. The following files are vulnerable: /usr/sbin/ndp /usr/sbin/autoconf6 /usr/bin/enq /usr/bin/crontab

Solution(s)

  • aix-6.1.1-aix_61_multiple_security_vulnerabilities_aix61_advisory

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;