Security Bulletin: Vulnerabilities in BIND affect AIX (CVE-2020-8616 and CVE-2020-8617)

Summary There are vulnerabilities in BIND that affect AIX. Vulnerability Details CVEID: CVE-2020-8617 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a logic error in code which checks TSIG validity. A remote attacker could exploit this vulnerability to trigger an assertion...

Security Bulletin: Vulnerabilities in OpenSSL affect AIX (CVE-2019-1547, CVE-2019-1563)

Summary There are vulnerabilities in OpenSSL used by AIX. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using...

There is a vulnerability in tcpdump that affects AIX.,There is a vulnerability in tcpdump that affects VIOS.

IBM SECURITY ADVISORY First Issued: Mon Feb 25 16:54:49 CST 2019 |Updated: Tue Apr 9 09:55:34 CDT 2019 |Update: Increased the lower impacted fileset levels for some fileset | levels. Please see the Fileset table in AFFECTED PRODUCTS AND VERSIONS | for more information. The most recent version of...

IBM AIX rmsock SetUID Binary Information Leak

Summary An exploitable kernel memory leak vulnerability is exposed by the rmsock setUID functionality of IBM AIX 6.1 and IBM AIX 7.1. A specially crafted command line can cause a kernel memory leak, resulting in uninitialized kernel memory being exposed. An attacker can execute rmuser with an...

Vulnerability in rmsock affects AIX (CVE-2018-1655),Vulnerability in rmsock affects VIOS (CVE-2018-1655)

IBM SECURITY ADVISORY First Issued: Thu Jun 21 14:07:15 CDT 2018 |Updated: Tue Jul 3 08:09:45 CDT 2018 |Update: Additional iFixes are now available. Additional iFixes are now available | for: | AIX 6100-09-09 and 6100-09-10 | AIX 7100-04-04 and 7100-04-05 | AIX 7100-05-00 and 7100-05-01 | AIX...

Vulnerability in OpenSSL affects AIX (CVE-2018-0739)

IBM SECURITY ADVISORY First Issued: Mon Apr 30 11:00:38 CDT 2018 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory26.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory26.asc...

IBM AIX 6.1/7.1/7.2 - 'Bellmail' Local Privilege Escalation

!/usr/bin/sh CVE-2016-8972/bellmailroot.sh: IBM AIX Bellmail local root Affected versions: AIX 6.1, 7.1, 7.2 VIOS 2.2.x Fileset Lower Level Upper Level KEY --------------------------------------------------------- bos.net.tcp.client 6.1.9.0 6.1.9.200 keywfs bos.net.tcp.client 7.1.3.0 7.1.3.47...

IBM AIX 6.1 / 7.1 / 7.2 Bellmail Privilege Escalation

!/usr/bin/sh CVE-2016-8972/bellmailroot.sh: IBM AIX Bellmail local root Affected versions: AIX 6.1, 7.1, 7.2 VIOS 2.2.x Fileset Lower Level Upper Level KEY --------------------------------------------------------- bos.net.tcp.client 6.1.9.0 6.1.9.200 keywfs bos.net.tcp.client 7.1.3.0 7.1.3.47...

Vulnerabilities in OpenSSL affect AIX

IBM SECURITY ADVISORY First Issued: Wed Mar 2 08:43:07 CST 2016 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory17.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory17.asc...

Vulnerability in NTPv4 affects AIX

IBM SECURITY ADVISORY First Issued: Mon Feb 22 08:06:13 CST 2016 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/ntpadvisory5.asc https://aix.software.ibm.com/aix/efixes/security/ntpadvisory5.asc...

Vulnerability in Diffie-Hellman ciphers affects sendmail on AIX,Vulnerability in Diffie-Hellman ciphers affects sendmail on VIOS

IBM SECURITY ADVISORY First Issued: Fri Aug 7 15:15:59 CDT 2015 |Updated: Tue Aug 18 09:19:51 CDT 2015 |Update: Added AIX 5.3 vulnerability information The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/sendmailadvisory2.asc...

Multiple vulnerabilities in current releases of the IBM SDK Java Technology Edition; issues in the Oracle October 2014 Critical Patch Update plus the POODLE SSLv3 vulnerability and

IBM SECURITY ADVISORY First Issued: Fri Nov 14 15:40:48 CST 2014 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/javaoct2014advisory.asc https://aix.software.ibm.com/aix/efixes/security/javaoct2014advisory.asc...

Multiple vulnerabilities in current releases of the IBM SDK Java Technology Edition

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IBM SECURITY ADVISORY First Issued: Thu Jun 19 09:10:49 CDT 2014 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/javaapr2014advisory.asc...

CVE-2014-3977

libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179. Recent assessments: timb-machine at March 05, 2021 12:41am UTC reported:...

CVE-2014-0930 - Kernel Memory Leak And Denial Of Service Condition in IBM AIX

Vulnerability title: Kernel Memory Leak And Denial Of Service Condition in IBM AIX CVE: CVE-2014-0930 Vendor: IBM Product: AIX Affected version: 5.3, 6.1 and 7.1 releases VIOS 2.2. Fixed version: Interim version Reported by: Tim Brown Details: It has been identified that the ptrace system call ca...

AIX Java Multiple Vulnerabilities (Oracle Java 2014 CPU)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 IBM SECURITY ADVISORY First Issued: Thu Mar 6 13:24:59 CST 2014 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/javajan2014advisory.asc...