Release date: 2011-12-14
Updated on: 2011-12-15
Affected Systems:
IBM AIX 7.x
IBM AIX 6.x
IBM AIX 5.x
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2011-1384
AIX is an open-standards-based UNIX operating system that provides an enterprise information technology infrastructure.
IBM AIX has two implementation vulnerabilities that malicious local users can exploit to manipulate certain data and perform certain operations with elevated privileges.
1) Errors in Inventory Scout can be exploited to manipulate certain files through symbolic links;
2) An unspecified issue in Inventory Scout can be exploited to delete some system files.
<* Source: Jakub Wartak (jakub.wartak@gmail.com)
Link: http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc
*>
Suggestion:
--------------------------------------------------------------------------------
Temporary solution:
Only access trusted hosts.
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ers.ibm.com/