
Security Bulletin: Vulnerability in ksu affects AIX (CVE-2020-4829)

2020-12-15 20:44:06
www.ibm.com

EPSS: 0.0004 (Low), percentile 5.1%

Summary

There is a vulnerability in the ksu user command that affects AIX.

Vulnerability Details

CVEID: CVE-2020-4829
**DESCRIPTION:** IBM AIX could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/189960 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---------------------|------------|
| AIX                 | 7.1        |
| AIX                 | 7.2        |
| VIOS                | 3.1        |

The following fileset levels are vulnerable:

| Fileset         | Lower Level | Upper Level |
|-----------------|-------------|-------------|
| krb5.client.rte | 1.16.1.0    | 1.16.1.2    |

To find out whether the affected filesets are installed on your systems, refer to the lslpp command described in the AIX user's guide.

Example: lslpp -L | grep -i krb5.client.rte
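The grep above only shows that the fileset is present; the bulletin's question is whether its level falls inside 1.16.1.0 through 1.16.1.2. The following script is an added example, not IBM's own tooling: it parses a constructed sample in the shape of `lslpp -L` output and compares the level field by field against the bulletin's range (a plain string comparison would misorder levels such as 1.9.x and 1.16.x).

```shell
#!/bin/sh
# Added example, not IBM's own tooling: report whether the installed
# krb5.client.rte level lies in the bulletin's vulnerable range
# 1.16.1.0 through 1.16.1.2. On a real host feed it the output of
# `lslpp -L krb5.client.rte`; here a constructed sample is embedded.
VULN_LOWER="1.16.1.0"
VULN_UPPER="1.16.1.2"

# vercmp A B: prints -1, 0 or 1, comparing dotted levels field by field
vercmp() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; y="${b%%.*}"
        [ "$a" = "$x" ] && a="" || a="${a#*.}"
        [ "$b" = "$y" ] && b="" || b="${b#*.}"
        if [ "${x:-0}" -lt "${y:-0}" ]; then printf '%s\n' -1; return; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then printf '%s\n' 1; return; fi
    done
    printf '%s\n' 0
}

# is_vulnerable LEVEL: exit 0 when VULN_LOWER <= LEVEL <= VULN_UPPER
is_vulnerable() {
    [ "$(vercmp "$1" "$VULN_LOWER")" -ge 0 ] &&
    [ "$(vercmp "$1" "$VULN_UPPER")" -le 0 ]
}

# installed_level TEXT: the Level column of the krb5.client.rte row, or empty
installed_level() {
    printf '%s\n' "$1" | awk '$1 == "krb5.client.rte" { print $2; exit }'
}

# Constructed sample in the shape of `lslpp -L` output (not from a real host)
SAMPLE_LSLPP='  Fileset                    Level  State  Type  Description
  -------------------------------------------------------------------------
  krb5.client.rte          1.16.1.2    C     F    Network Authentication Service Client'

# check_sample: returns 1 when the sample level needs the NAS 1.16.1.3 fix,
# 0 when it is outside the range, 2 when the fileset is not installed
check_sample() {
    lvl="$(installed_level "$SAMPLE_LSLPP")"
    if [ -z "$lvl" ]; then echo "krb5.client.rte not installed"; return 2; fi
    if is_vulnerable "$lvl"; then
        echo "krb5.client.rte $lvl is in $VULN_LOWER-$VULN_UPPER: install NAS_1.16.1.3"
        return 1
    fi
    echo "krb5.client.rte $lvl is outside the vulnerable range"
}

check_sample || :   # '|| :' keeps the non-zero verdict from aborting a set -e caller
```

To use it on a real system, replace SAMPLE_LSLPP with the captured output of `lslpp -L krb5.client.rte`; the same vercmp/is_vulnerable pair can be reused for any fileset range an IBM bulletin lists.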

Remediation/Fixes

FIXES

AIX and VIOS fixes are available and can be downloaded from:

<https://www-01.ibm.com/marketing/iwm/iwm/web/pickUrxNew.do?source=aixbp>

To extract the fixes from the tar file:

zcat NAS_1.16.1.3_aix_image.tar.Z | tar xvf -

IMPORTANT: If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.

Note that all previously reported security vulnerability fixes are also included in the above-mentioned fileset level. Please refer to the readme file provided with the fileset for the complete list of vulnerabilities fixed.

To preview the fix installation:

installp -apYd NAS_1.16.1.3_aix_image krb5

To install the fix package:

installp -aXYd NAS_1.16.1.3_aix_image krb5

To verify the OpenSSL signatures on the published advisory and on the iFix file (pubkey_file is IBM's published signing public key, obtained separately from the files being checked):

openssl dgst -sha1 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]

openssl dgst -sha1 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]

Published advisory OpenSSL signature file location:

<http://aix.software.ibm.com/aix/efixes/security/ksu_advisory.asc.sig>

<https://aix.software.ibm.com/aix/efixes/security/ksu_advisory.asc.sig>

ftp://aix.software.ibm.com/aix/efixes/security/ksu_advisory.asc.sig

Workarounds and Mitigations

None

| CPE Name | Operator | Version |
|----------|----------|---------|
| aix      | eq       | 7.1     |
| aix      | eq       | 7.2     |

