Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)
Summary Vulnerability in libxml2 could allow a remote attacker to cause a denial of service CVE-2024-25062. AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. Whe...
AIX is vulnerable to a denial of service (CVE-2024-2511 CVE-2024-0727) due to OpenSSL
IBM SECURITY ADVISORY First Issued: Tue Jul 16 15:22:01 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/openssladvisory41.asc Security Bulletin: AIX is vulnerable to a denial of service CVE-2024-2511, CVE-2024-0727 due to OpenS...
AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)
IBM SECURITY ADVISORY First Issued: Thu Jun 20 15:10:42 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory5.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl CVE-2024-0853...
Security Bulletin: AIX is affected by information disclosure due to Python (CVE-2024-28757)
Summary Vulnerability in Python could allow a remote attacker to obtain sensitive information CVE-2024-28757. Python is used by AIX as part of Ansible node management automation. Vulnerability Details CVEID:CVE-2024-28757 DESCRIPTION: libexpat could allow a remote attacker to obtain sensitive...
Security Bulletin: AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795), arbitrary command execution (CVE-2023-51385), and information disclosure (CVE-2023-51384) due to OpenSSH
Summary Vulnerabilities in AIX's OpenSSH could allow a remote attacker to launch a machine-in-the-middle attack CVE-2023-48795 and execute arbitrary commands CVE-2023-51385, and could allow a local authenticated attacker to obtain sensitive information CVE-2023-51384. OpenSSH is used by AIX for...
Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795)
Summary UPDATED May 17 Corrected the affected fileset levels for AIX 7.2 TL5 and removed bos.net.tcp.bind 7.2.5.200.: A vulnerability in ISC BIND could allow a remote attacker to cause a denial of service CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795. AIX uses ISC BIND as part of i...
AIX is vulnerable to arbitrary command execution due to invscout
IBM SECURITY ADVISORY First Issued: Thu Nov 30 10:49:53 CST 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/invscoutadvisory5.asc Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout CVE-2023-45168...
Security Bulletin: AIX is vulnerable to unauthorized file access and arbitrary code execution due to OpenSSH (CVE-2023-40371 and CVE-2023-38408)
Summary Vulnerabilities in AIX's OpenSSH could allow a non-privileged local user file access outside of those allowed CVE-2023-40371 or allow a remote attacker to execute arbitrary code CVE-2023-38408. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2023-40371 DESCRIPTION...
Security Bulletin: AIX is vulnerable to a denial of service due to lpd (CVE-2022-43382)
Summary UPDATED Mar 17 Corrected the affected upper fileset levels for AIX 7.1 TL5 to show that SP11 is affected. Corrected the affected upper fileset levels for AIX 7.3 TL0 to show that SP03 is affected. Added iFixes for 7.1 TL5 SP10 and 7.3 TL0 SP03. A vulnerability in the AIX lpd printer daemo...
AIX is vulnerable to a denial of service due to libxml2 (CVE-2022-29824)
IBM SECURITY ADVISORY First Issued: Mon Sep 12 15:07:01 CDT 2022 |Updated: Mon Dec 12 12:49:47 CST 2022 |Update: Added iFixes for AIX 7.2 TL5 SP5 and VIOS 3.1.4.10. The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/libxml2advisory3.asc...
AIX is vulnerable to a denial of service due to OpenSSL
IBM SECURITY ADVISORY First Issued: Fri May 13 09:32:08 CDT 2022 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory35.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory35.asc...
Security Bulletin: Vulnerability in the AIX kernel (CVE-2021-38988)
Summary There is a vulnerability in the AIX pfcdd kernel extension. Vulnerability Details CVEID: CVE-2021-38988 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. CVSS Base score: 6.2 CVSS Temporal Score: See:...
Security Bulletin: Vulnerability in sendmail impacts AIX (CVE-2014-3956)
Summary There is a vulnerability in sendmail that impacts AIX. Vulnerability Details CVEID: CVE-2014-3956 DESCRIPTION: The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users...
Security Bulletin: Vulnerabilities in bellmail, caccelstat, iostat, lquerypv, restbyinode, and vmstat affect AIX (CVE-2017-1692)
Summary There is a potential root privilege escalation vulnerability in bellmail, caccelstat, iostat, lquerypv, restbyinode, and vmstat on AIX. Vulnerability Details CVEID: CVE-2017-1692 DESCRIPTION: IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to...
There is a vulnerability in Xorg that affects AIX. There is a vulnerability in Xorg that affects VIOS.
IBM SECURITY ADVISORY First Issued: Tue Dec 11 09:32:52 CST 2018 |Updated: Tue Apr 9 09:52:17 CDT 2019 |Update: Added AIX 7100-04-07 and 7200-02-03 as affected. | Added iFixes for AIX 7100-04-07 and 7200-02-03. The most recent version of this document is available here:...
Vulnerabilities in OpenSSH affect AIX.
IBM SECURITY ADVISORY First Issued: Wed Oct 24 11:28:50 CDT 2018 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/opensshadvisory12.asc https://aix.software.ibm.com/aix/efixes/security/opensshadvisory12.asc...
Vulnerability in sendmail impacts AIX (CVE-2014-3956), Vulnerability in sendmail impacts VIOS (CVE-2014-3956)
IBM SECURITY ADVISORY First Issued: Fri Apr 6 11:18:40 CDT 2018 |Updated: Mon Sep 17 09:18:47 CDT 2018 |Update: Clarified that AIX 7.2 TL0 SP6 and bos.net.tcp.sendmail fileset level | 7.2.0.3 are impacted. An iFix for AIX 7.2 TL0 SP6 is now available. The most recent version of this document is...
There are multiple vulnerabilities in tcpdump that impact AIX.
IBM SECURITY ADVISORY First Issued: Wed Nov 8 09:27:01 CST 2017 |Updated: Wed Feb 28 09:33:13 CST 2018 |Update: Corrected the APARs listed under the APAR section. The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/tcpdumpadvisory3.asc...
There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX.
IBM SECURITY ADVISORY First Issued: Mon Feb 13 15:32:47 CST 2017 |Updated: Mon Oct 2 10:47:12 CDT 2017 |Update 2: Removed bos.net.tcp.ntp from the impacted fileset list for | AIX 7200-01-02. Fileset bos.net.tcp.ntpd is still listed as impacted | for AIX 7200-01-02. The most recent version of this...
Vulnerabilities in OpenSSL affect AIX
IBM SECURITY ADVISORY First Issued: Wed Mar 2 08:43:07 CST 2016 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory17.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory17.asc...