AIX 5.2 TL 10 : bos.rte.cron (U823619)

🗓️ 17 Jul 2009 00:00:00Reported by TenableType

The remote host is missing AIX PTF U823619 related to the security of the package bos.rte.cron. The 'at' command does not drop permissions when reading certain files, allowing a local attacker to exploit this error to read any file on the system

Reporter	Title	Published	Views	Family All 20
Tenable Nessus	AIX 5.2 TL 0 : at (IZ43452)	24 Jan 201300:00	–	nessus
Tenable Nessus	AIX 5.3 TL 0 : at (IZ43453)	24 Jan 201300:00	–	nessus
Tenable Nessus	AIX 5.3 TL 7 : at (IZ43454)	24 Jan 201300:00	–	nessus
Tenable Nessus	AIX 5.3 TL 8 : at (IZ43455)	24 Jan 201300:00	–	nessus
Tenable Nessus	AIX 5.3 TL 9 : at (IZ43456)	24 Jan 201300:00	–	nessus
Tenable Nessus	AIX 6.1 TL 0 : at (IZ43457)	24 Jan 201300:00	–	nessus
Tenable Nessus	AIX 6.1 TL 1 : at (IZ43458)	24 Jan 201300:00	–	nessus
Tenable Nessus	AIX 6.1 TL 2 : at (IZ43459)	24 Jan 201300:00	–	nessus
Tenable Nessus	AIX 5.3 TL 6 : bos.rte.cron (U821986)	30 Apr 200900:00	–	nessus
Tenable Nessus	AIX 5.3 TL 8 : bos.rte.cron (U822098)	30 Apr 200900:00	–	nessus

Source	Link
www-01	www.www-01.ibm.com/support/docview.wss
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were extracted
# from AIX Security PTF U823619. The text itself is copyright (C)
# International Business Machines Corp.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(39811);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2009-0536");

  script_name(english:"AIX 5.2 TL 10 : bos.rte.cron (U823619)");
  script_summary(english:"Check for PTF U823619");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote AIX host is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is missing AIX PTF U823619, which is related to the
security of the package bos.rte.cron.

The at command does not drop permissions when reading certain files. A
local attacker may exploit this error to read any file on the system
because the command is setuid root.

The following file is vulnerable :

/usr/bin/at."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ43452"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Install the appropriate missing security-related fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:5.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/02/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/02/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp");

  exit(0);
}



include("audit.inc");
include("global_settings.inc");
include("aix.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if ( aix_check_patch(ml:"520010", patch:"U823619", package:"bos.rte.cron.5.2.0.107") < 0 ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

04 Jan 2021 00:00Current

5.6Medium risk

Vulners AI Score5.6

CVSS 24.9

EPSS0.0006