Search...

AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)

2018-01-25T00:00:00
ID AIX_IJ03036.NASL
Type nessus
Reporter Tenable
Modified 2018-05-25T00:00:00

Description

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory spectre_meltdown_advisory.asc.
#

include("compat.inc");

if (description)
{
  script_id(106316);
  script_version("1.6");
  script_cvs_date("Date: 2018/05/25 17:09:06");

  script_cve_id("CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754");
  script_xref(name:"IAVA", value:"2018-A-0019");
  script_xref(name:"IAVA", value:"2018-A-0020");

  script_name(english:"AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)");
  script_summary(english:"Check for APAR IJ03036");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote AIX host is missing a security patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754"
  );
  # http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0ecfba9a"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Install the appropriate interim fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/25");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/25");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}



include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"7.2", ml:"02", sp:"00", patch:"IJ03036m1a", package:"bos.mp64", minfilesetver:"7.2.2.0", maxfilesetver:"7.2.2.0") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"02", sp:"01", patch:"IJ03036m1a", package:"bos.mp64", minfilesetver:"7.2.2.0", maxfilesetver:"7.2.2.0") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
JSON Vulners Source
Initial Source


All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2018
Protected by