EUVD-2021-16201
Malware in sbrugna...
Security Bulletin: AIX is vulnerable to a privilege escalation vulnerability (CVE-2022-34356)
Summary UPDATED Oct 10 Added iFixes with the correct prereqs for VIOS 3.1.2.30 and 3.1.2.40: A vulnerability in the AIX kernel could allow a non-privileged local user to obtain root privileges CVE-2022-34356. Vulnerability Details CVEID:CVE-2022-34356 DESCRIPTION: IBM AIX could allow a...
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2023-26286)
Summary A vulnerability in the AIX runtime services library could allow a non-privileged local user to execute arbitrary commands CVE-2023-26286. Vulnerability Details CVEID:CVE-2023-26286 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the AIX runtime...
AIX is vulnerable to denial of service due to zlib and zlibNX
IBM SECURITY ADVISORY First Issued: Tue Jul 25 11:05:17 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/zlibadvisory2.asc Security Bulletin: AIX is vulnerable to denial of service due to zlib CVE-2022-37434...
CVE-2023-28528 IBM AIX command execution
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207...
AIX (IJ45221)
The version of AIX installed on the remote host is prior to APAR IJ45221. It is, therefore, affected by a vulnerability as referenced in the IJ45221 advisory. - Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify tha...
Security Bulletin: Vulnerability in libc affects AIX (CVE-2021-29860)
Summary UPDATED Mar 17 Corrected the affected upper fileset levels for AIX 7.1 TL5 to show that SP11 is affected. Added iFix for 7.1 TL5 SP11 There is a vulnerability in the libc.a library that affects AIX. Vulnerability Details CVEID:CVE-2021-29860 DESCRIPTION: IBM AIX could allow a non-privileg...
AIX (IJ43073)
The version of AIX installed on the remote host is prior to APAR IJ43073. It is, therefore, affected by a vulnerability as referenced in the IJ43073 advisory. - IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflo...
CVE-2022-41290
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rmrlcachefile command to obtain root privileges. IBM X-Force ID: 236690...
Code injection
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 235599...
AIX (IJ42230)
The version of AIX installed on the remote host is prior to APAR IJ42230. It is, therefore, affected by a vulnerability as referenced in the IJ42230 advisory. - IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rmrlcachefile command to...
Security Bulletin: AIX is vulnerable to a denial of service due to lpd (CVE-2022-22444)
Summary UPDATED Sep 13 Added iFix information for 7.1 TL5 SP10 and 7.2 TL4 SP6: A vulnerability in the AIX lpd printer daemon could allow a local user with elevated privileges to cause a denial of service CVE-2022-22444. The lpd daemon is the remote print server on AIX. Vulnerability Details...
Security Bulletin: AIX is vulnerable to denial of service due to zlib and zlibNX (CVE-2018-25032)
Summary A vulnerability in zlib and zlibNX could allow a remote attacker to cause a denial of service CVE-2018-25032. AIX uses zlib and zlibNX as part of its data compression functions. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a...
AIX is vulnerable to denial of service due to zlib and zlibNX
IBM SECURITY ADVISORY First Issued: Wed Sep 28 13:38:50 CDT 2022 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/zlibadvisory.asc https://aix.software.ibm.com/aix/efixes/security/zlibadvisory.asc...
AIX is vulnerable to arbitrary code execution and RPM database corruption and denial of service due to RPM.
IBM SECURITY ADVISORY First Issued: Fri Sep 23 09:39:22 CDT 2022 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/rpmadvisory.asc https://aix.software.ibm.com/aix/efixes/security/rpmadvisory.asc...
AIX is vulnerable to a privilege escalation vulnerability due to invscout
IBM SECURITY ADVISORY First Issued: Mon Sep 12 14:58:31 CDT 2022 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/invscoutadvisory3.asc https://aix.software.ibm.com/aix/efixes/security/invscoutadvisory3.asc...
AIX 7.1 TL 5 : lpd (IJ39868)
https://vulners.com/cve/CVE-2022-22444 IBM AIX could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. (C) Tenable Network Security, Inc. The text in the description was extracted from AIX Security Advisory...
Security Bulletin: Vulnerability in mount affects AIX (CVE-2021-38990)
Summary There is a vulnerability in the mount command that affects AIX. Vulnerability Details CVEID: CVE-2021-38990 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. CVSS Base score: 8.4 CVSS Temporal...
Security Bulletin: AIX is vulnerable to a denial of service due to OpenSSL (CVE-2022-0778)
Summary A vulnerability in OpenSSL could allow a remote attacker to cause a denial of service CVE-2022-0778. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a fla...
Security Bulletin: Vulnerabilities in the AIX kernel (CVE-2021-38994, CVE-2021-38995)
Summary There are multiple vulnerabilities in the AIX kernel. Vulnerability Details CVEID: CVE-2021-38995 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. CVSS Base score: 6.2 CVSS Temporal Score: See:...