Published: Jan 05, 2023 - 8:52 p.m.

Security Bulletin: AIX is vulnerable to a denial of service due to the AIX SMB client (CVE-2022-43381)

Source: www.ibm.com
Tags: aix, smb client, denial of service, vulnerability, 7.1, 7.2, 7.3, vios 3.1, fileset, fix, download, installation, checksums, openssl, advisory

CVSS3: 6.2 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.0005 Low (Percentile 17.6%)

Summary

A vulnerability in the AIX SMB client daemon could allow a non-privileged local user to cause a denial of service (CVE-2022-43381). AIX uses the SMB client daemon to access files on SMB servers.

Vulnerability Details

CVEID: CVE-2022-43381
**DESCRIPTION:** IBM AIX could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/238639 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)   Version(s)
AIX                   7.1
AIX                   7.2
AIX                   7.3
VIOS                  3.1

The following fileset levels are vulnerable:

Fileset     Lower Level   Upper Level
smbc.rte    7.1.0.0       7.1.302.8
smbc.rte    7.2.0.0       7.2.302.8

To determine if your system is vulnerable, execute the following command and compare the reported level of smbc.rte with the ranges above (both bounds are inclusive):

lslpp -L | grep -i smbc.rte
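The comparison that the step above leaves to the reader, as an added example that is not part of IBM's bulletin: it reads the smbc.rte line from lslpp -L output and tests the level against the advisory's two inclusive ranges field by field, so that a level such as 7.2.302.10 sorts after 7.2.302.8 instead of before it as a plain string comparison would. It assumes the fileset name is in column 1 and the VRMF level in column 2 of lslpp -L output; the sample line is constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example, not part of IBM's bulletin: decide whether an installed
# smbc.rte level falls inside the vulnerable ranges the advisory lists.
# Assumption: `lslpp -L` prints the fileset name in column 1 and the level
# (VRMF, e.g. 7.2.302.8) in column 2, which is how the sample below is laid out.

# vrmf_le A B: exit 0 when VRMF level A <= B. Each of the four dot-separated
# fields is compared numerically, so 7.2.302.10 sorts after 7.2.302.8
# (a plain string comparison would get that wrong).
vrmf_le() {
    i=1
    while [ "$i" -le 4 ]; do
        fa=$(printf '%s' "$1" | cut -d. -f"$i")
        fb=$(printf '%s' "$2" | cut -d. -f"$i")
        fa=${fa:-0}
        fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then return 0; fi
        if [ "$fa" -gt "$fb" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# smbc_level_vulnerable LEVEL: exit 0 when LEVEL lies within a listed range.
# The pairs are the advisory's "Lower Level / Upper Level" bounds, inclusive.
smbc_level_vulnerable() {
    level=$1
    set -- 7.1.0.0 7.1.302.8  7.2.0.0 7.2.302.8
    while [ $# -ge 2 ]; do
        if vrmf_le "$1" "$level" && vrmf_le "$level" "$2"; then
            return 0
        fi
        shift 2
    done
    return 1
}

# smbc_installed_level LSLPP_TEXT: print the level of smbc.rte from lslpp -L
# output (empty when the fileset is not installed).
smbc_installed_level() {
    printf '%s\n' "$1" | awk '$1 == "smbc.rte" { print $2; exit }'
}

# check_smbc LSLPP_TEXT: 0 = vulnerable level, 1 = outside the listed ranges,
# 2 = fileset not installed. A one-line verdict goes to stdout in every case.
check_smbc() {
    lvl=$(smbc_installed_level "$1")
    if [ -z "$lvl" ]; then
        echo "smbc.rte is not installed; CVE-2022-43381 does not apply"
        return 2
    fi
    if smbc_level_vulnerable "$lvl"; then
        echo "smbc.rte $lvl is within a vulnerable range; apply smbcd_fix2"
        return 0
    fi
    echo "smbc.rte $lvl is outside the ranges listed in the advisory"
    return 1
}

# Constructed sample of `lslpp -L | grep -i smbc.rte` output (not captured from
# a real system). On a live host feed it the real output instead:
#   check_smbc "$(lslpp -L | grep -i smbc.rte)"
SAMPLE_LSLPP='  smbc.rte                   7.2.302.8    C     F    AIX SMB Client'

check_smbc "$SAMPLE_LSLPP"
```

A level above the upper bound is reported as outside the listed ranges, not as "fixed": the advisory only states which levels are vulnerable, so anything outside the table should be read against the fileset level the fix package actually installs.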

Remediation/Fixes

FIXES

IBM strongly recommends addressing the vulnerability now.

The fixes can be downloaded via ftp or http from:

ftp://aix.software.ibm.com/aix/efixes/security/smbcd_fix2.tar
http://aix.software.ibm.com/aix/efixes/security/smbcd_fix2.tar
https://aix.software.ibm.com/aix/efixes/security/smbcd_fix2.tar

Prefer the https link: ftp and http give no integrity protection in transit, which is why the checksums and signatures further down must be verified before installation regardless of the download method.

The latest SMB client fileset may also be downloaded from:

https://www.ibm.com/resources/mrs/assets?source=aixbp

To extract the fixes from the tar file (gunzip -c writes the decompressed archive to standard output and tar reads it from "-"; without those two arguments the pipeline does not unpack anything):

For AIX 7.1:

tar xvf smbcd_fix2.tar
gunzip -c smbc_302_fileset_71.tar.gz | tar xvf -

For AIX 7.2, 7.3, and VIOS 3.1:

tar xvf smbcd_fix2.tar
gunzip -c smbc_302_fileset_72.tar.gz | tar xvf -

IMPORTANT: If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.

To preview the fix installation:

installp -apYd . smbc

To install the fix package:

installp -aXYd . smbc

Verify you have retrieved the fixes intact:

The checksums below were generated using the "openssl dgst -sha256 [file]" command. The command prints "SHA256(file)= <sum>"; only the sum and file name are listed here:

openssl dgst -sha256 filename
261e08badda1c179e487c2ee20b772cea526a9868a3fd9a8b5c66479a7cb95ca smbc_302_fileset_71.tar.gz
e99d99ce8336a61a888c826c43a97869f3a2df8fcacd59b141770b5ad98a86fc smbc_302_fileset_72.tar.gz

These sums should match exactly. The OpenSSL signatures in the tar file and on this advisory can also be used to verify the integrity of the fixes. If the sums or signatures cannot be confirmed, contact IBM AIX Support at https://ibm.com/support/ and describe the discrepancy.

openssl dgst -sha256 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]

openssl dgst -sha256 -verify [pubkey_file] -signature [fix_file].sig [fix_file]

Published advisory OpenSSL signature file location:

http://aix.software.ibm.com/aix/efixes/security/smbcd_advisory2.asc.sig
https://aix.software.ibm.com/aix/efixes/security/smbcd_advisory2.asc.sig
ftp://aix.software.ibm.com/aix/efixes/security/smbcd_advisory2.asc.sig
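The two verification steps described above (SHA-256 sums compared against the published values, then the detached OpenSSL signature), as an added example that is not IBM's code. ADVISORY_SUMS holds the file names and sums printed in this bulletin; the verify_signature function runs exactly the "openssl dgst -sha256 -verify" form quoted above. Because IBM's public key is not reproduced on this page, the offline demonstration signs a constructed file with a throwaway RSA key pair (an assumption, standing in for IBM's signing key) to show a genuine signature passing and a modified file failing. It assumes an openssl binary on the path.

```shell
#!/bin/sh
# Added example, not IBM's code: check a downloaded fix bundle the way the
# advisory describes. The SHA-256 sums are the ones published in the bulletin;
# the RSA key pair generated in the demo is a throwaway stand-in for IBM's
# signing key (assumption), used only so the script runs offline.

# Published sums, one "filename sha256" pair per line.
ADVISORY_SUMS='smbc_302_fileset_71.tar.gz 261e08badda1c179e487c2ee20b772cea526a9868a3fd9a8b5c66479a7cb95ca
smbc_302_fileset_72.tar.gz e99d99ce8336a61a888c826c43a97869f3a2df8fcacd59b141770b5ad98a86fc'

# sha256_of FILE: openssl prints "SHA256(FILE)= <hex>", so keep the last field.
sha256_of() {
    openssl dgst -sha256 "$1" | awk '{ print $NF }'
}

# verify_sha256 FILE EXPECTED: exit 0 only on an exact (case-insensitive) match.
verify_sha256() {
    actual=$(sha256_of "$1" | tr 'A-F' 'a-f')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# verify_signature PUBKEY FILE: the detached signature is FILE.sig, matching the
# "openssl dgst -sha256 -verify" command quoted in the advisory.
verify_signature() {
    openssl dgst -sha256 -verify "$1" -signature "$2.sig" "$2" >/dev/null 2>&1
}

# verify_advisory_sums DIR: compare every published file present in DIR against
# ADVISORY_SUMS. An absent file is skipped; any mismatch fails the whole check.
verify_advisory_sums() {
    dir=$1
    rc=0
    while read -r name sum; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "skip: $name not present in $dir"
        elif verify_sha256 "$dir/$name" "$sum"; then
            echo "ok:   $name"
        else
            echo "FAIL: $name digest mismatch; do not install, contact IBM AIX Support"
            rc=1
        fi
    done <<EOF
$ADVISORY_SUMS
EOF
    return $rc
}

# demo_signature_check: offline run on a constructed file. Shows the sum check
# passing on a known value, the signature verifying on the genuine file, and the
# same check failing after a single appended byte.
demo_signature_check() {
    work=$(mktemp -d) || return 1
    f="$work/fix.tar.gz"                       # constructed stand-in, not a real fix
    printf 'hello\n' > "$f"
    # SHA-256 of the bytes "hello\n", playing the role of the published sum.
    verify_sha256 "$f" 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 || return 1

    # Throwaway key pair (assumption: IBM's real public key is not on this page).
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$work/key.pem" >/dev/null 2>&1 || return 1
    openssl pkey -in "$work/key.pem" -pubout -out "$work/pub.pem" >/dev/null 2>&1 || return 1
    openssl dgst -sha256 -sign "$work/key.pem" -out "$f.sig" "$f" || return 1

    verify_signature "$work/pub.pem" "$f" || return 1             # genuine file: verifies
    printf 'x' >> "$f"                                             # tamper with the archive
    if verify_signature "$work/pub.pem" "$f"; then return 1; fi   # must now fail
    rm -rf "$work"
    echo "sum and signature checks behave as expected"
}

demo_signature_check
```

On a real download, run verify_advisory_sums against the directory where smbcd_fix2.tar was unpacked, then verify_signature with IBM's public key against the advisory text and each fix file; a checksum match only proves the file is the one the advisory describes, while the signature is what ties the advisory itself to IBM.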

Workarounds and Mitigations

None

Affected configurations (Vulners match):

IBM PowerVM Virtual I/O Server 3.1
OR IBM AIX 7.1
OR IBM AIX 7.2
OR IBM AIX 7.3
