History: Apr 24, 2024 - 10:04 p.m.

Security Bulletin: AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)

2024-04-24 22:04:46
www.ibm.com

CVSS2: 5.2 Medium
Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:A/AC:L/Au:S/C:P/I:P/A:P

CVSS3: 7.3 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score: 8 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 48.4%)

Summary

Vulnerability in RPM could allow a remote authenticated attacker to execute arbitrary code (CVE-2023-7104). RPM is used by AIX for package management.

Vulnerability Details

**CVEID:** CVE-2023-7104
**DESCRIPTION:** SQLite SQLite3 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the sessionReadRecord function in ext/session/sqlite3session.c. By sending a specially crafted request, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/276235 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| AIX | 7.2 |
| AIX | 7.3 |
| VIOS | 3.1 |
| VIOS | 4.1 |

The vulnerabilities in the following filesets are being addressed:

| Fileset | Lower Level | Upper Level |
|---|---|---|
| rpm.rte | 4.15.1.1000 | 4.15.1.1012 |
| rpm.rte | 4.15.1.2000 | 4.15.1.2010 |
| rpm.rte | 4.18.1.2000 | 4.18.1.2002 |

To find out whether the affected filesets are installed on your systems, refer to the lslpp command in the AIX user's guide.

Example: lslpp -L | grep -i rpm.rte
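
To triage a level reported by lslpp against the affected ranges in the fileset table above, the following is an added example and not part of IBM's bulletin. The function names are hypothetical, and pairing each range with a fix level from Remediation/Fixes is an inference from the adjacent level numbers.

```sh
#!/bin/sh
# Added example: classify an rpm.rte level against the ranges in this bulletin.
# Function names are hypothetical; levels are dotted V.R.M.F strings.

# ver_le A B: succeed when dotted level A <= B, comparing each field numerically.
ver_le() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}
        if [ "${_x:-0}" -lt "${_y:-0}" ]; then return 0; fi
        if [ "${_x:-0}" -gt "${_y:-0}" ]; then return 1; fi
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    done
    return 0
}

# rpm_rte_status LEVEL: print a verdict; returns 1 if affected, 0 if not, 2 if invalid.
# LEVEL is the Level value that lslpp -L shows for rpm.rte.
rpm_rte_status() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo "invalid level"; return 2 ;;
    esac
    # Columns: lower level, upper level (fileset table), fix level (Remediation/Fixes).
    # The range-to-fix pairing is inferred from the adjacent level numbers.
    while read -r lo hi fix; do
        if ver_le "$lo" "$1" && ver_le "$1" "$hi"; then
            echo "affected: install rpm.rte.$fix"
            return 1
        fi
    done <<EOF
4.15.1.1000 4.15.1.1012 4.15.1.1013
4.15.1.2000 4.15.1.2010 4.15.1.2011
4.18.1.2000 4.18.1.2002 4.18.1.2003
EOF
    echo "not in an affected range"
    return 0
}

# Usage: sh check_rpm_rte.sh 4.15.1.1005 4.18.1.2003
for lvl in "$@"; do
    printf '%s: ' "$lvl"; rpm_rte_status "$lvl" || :
done
```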

Remediation/Fixes

FIXES

IBM strongly recommends addressing the vulnerability now.

A fix is available, and it can be downloaded from:

<https://www.ibm.com/resources/mrs/assets?source=aixbp>

For 7.2 TL5 and VIOS 3.1:

rpm.rte.4.15.1.1013

For 7.3 TL0 and TL1:

rpm.rte.4.15.1.2011

For 7.3 TL2 and VIOS 4.1:

rpm.rte.4.18.1.2003

IMPORTANT: If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.

Note that all previously reported security vulnerability fixes are also included in the above-mentioned fileset levels.

To preview the fix installation:

installp -apYd . rpm

To install the fix package:

installp -aXYd . rpm

To verify the signatures of the advisory and fix files with OpenSSL:

openssl dgst -sha256 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]

openssl dgst -sha256 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]

Published advisory OpenSSL signature file location:

<https://aix.software.ibm.com/aix/efixes/security/rpm_advisory2.asc.sig>

Workarounds and Mitigations

None

Affected configurations

Vulners node:
ibm aix Match 7.2
OR
ibm aix Match 7.3
OR
ibm powervm_virtual_i/o_server Match 3.1
OR
ibm powervm_virtual_i/o_server Match 4.1
