nessus | This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof. | AIX_IJ50935.NASL
History: May 10, 2024 - 12:00 a.m.

AIX 7.3 TL 1 : kernel (IJ50935)

2024-05-10 00:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
aix 7.3
security
patch
kernel
privilege escalation
unix domain
datagram socket
vulnerability

CVSS3

8.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

0

Percentile

9.0%

CVE-2024-27273 (https://vulners.com/cve/CVE-2024-27273): IBM AIX's Unix domain datagram socket implementation could potentially expose applications that use Unix domain datagram sockets with the SO_PEERID operation, and may lead to privilege escalation.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory kernel_advisory7.asc.
#

include("compat.inc");

# Registration phase. When the engine loads the plugin with `description`
# set, only the metadata below is recorded and the script exits before any
# check logic runs.
if (description)
{
  # Plugin identity and revision.
  script_id(195309);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/10");

  # The single CVE this plugin reports on.
  script_cve_id("CVE-2024-27273");

  script_name(english:"AIX 7.3 TL 1 : kernel (IJ50935)");
  script_summary(english:"Check for APAR IJ50935");

  script_set_attribute(attribute:"synopsis", value:"The remote AIX host is missing a security patch.");

  # The line breaks inside this string are part of the attribute value.
  script_set_attribute(attribute:"description", value:
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27273 IBM
AIX's Unix domain datagram socket implementation could potentially
expose applications using Unix domain datagram sockets with SO_PEERID
operation and may lead to privilege escalation.");

  # Vendor advisory the description text was extracted from.
  script_set_attribute(attribute:"see_also", value:"https://aix.software.ibm.com/aix/efixes/security/kernel_advisory7.asc");
  script_set_attribute(attribute:"solution", value:"Install the appropriate interim fix.");

  # No CVSS vector attribute is set in this block; risk_factor is the only
  # severity hint the plugin itself carries.
  script_set_attribute(attribute:"risk_factor", value:"High");

  # "local" plugin type: the result depends on data collected from the host
  # itself (see the required KB keys below), not on a network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/05/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  # ACT_GATHER_INFO: information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"AIX Local Security Checks");

  # Scheduling constraints: run after ssh_get_info.nasl, and only when the
  # KB already holds the AIX fileset listing, the local-checks flag and the
  # AIX version. Without credentialed data the plugin does not run at all,
  # so the absence of a finding on an unauthenticated scan says nothing
  # about the host's patch state.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}



include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

# Preconditions. Each audit() call is relied on to terminate the script with
# the matching audit message when the required KB data is absent.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/AIX/version"))
  audit(AUDIT_OS_NOT, "AIX");
if (!get_kb_item("Host/AIX/lslpp"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# If interim-fix data collection failed earlier, the check is skipped with
# exit code 0. That outcome means "not assessed", not "not vulnerable";
# hosts that end here need the emgr failure resolved and a rescan.
if (get_kb_item("Host/AIX/emgr_failure"))
  exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

# Number of service-pack checks that reported a missing interim fix.
flag = 0;

# Scope: AIX 7.3, ml "01" (TL 1 per the plugin title), sp 01 through 03, with
# bos.mp64 between 7.3.1.0 and 7.3.1.4. Each SP has its own iFix label.
# A negative return from aix_check_ifix() is counted as a finding; the helper
# is defined in aix.inc (not shown here), so how it matches installed fixes
# is not visible from this file.
if (aix_check_ifix(release:"7.3", ml:"01", sp:"01", patch:"IJ50935m1a", package:"bos.mp64", minfilesetver:"7.3.1.0", maxfilesetver:"7.3.1.4") < 0)
  flag++;
if (aix_check_ifix(release:"7.3", ml:"01", sp:"02", patch:"IJ50935m2a", package:"bos.mp64", minfilesetver:"7.3.1.0", maxfilesetver:"7.3.1.4") < 0)
  flag++;
if (aix_check_ifix(release:"7.3", ml:"01", sp:"03", patch:"IJ50935s3a", package:"bos.mp64", minfilesetver:"7.3.1.0", maxfilesetver:"7.3.1.4") < 0)
  flag++;

# Nothing missing: report the host as not affected. audit() ends the script
# here, exactly as it does in the precondition checks above.
if (!flag)
  audit(AUDIT_HOST_NOT, "affected");

# At least one check failed: raise the finding on port 0, attaching the
# report text collected by the AIX helpers when verbosity allows it.
if (report_verbosity > 0)
  security_hole(port:0, extra:aix_report_get());
else
  security_hole(0);
exit(0);
