U radu operacijskog sustava IBM AIX uočen je sigurnosni propust kojeg lokalni napadač može iskoristiti za stjecanje povećanih ovlasti i brisanje pojedinih datoteka.

AIX inventory scout file deletion and symlink vulnerability CVE-2011-1384
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

IBM SECURITY ADVISORY

First Issued: Thu Dec  8 12:46:23 CST 2011

The most recent version of this document is available here:

http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc
===============================================================================
                           VULNERABILITY SUMMARY

VULNERABILITY:   AIX inventory scout file deletion and symlink vulnerability

PLATFORMS:       AIX 5.3, 6.1, and 7.1, and earlier releases 

SOLUTION:        Apply the fix described below.

THREAT:          See below.

CVE Number:      CVE-2011-1384

Reboot required?    NO
Workarounds?        YES
Protected by FPM?   NO
Protected by SED?   NO
===============================================================================
                           DETAILED INFORMATION

I. DESCRIPTION

    A vulnerability exists in the inventory scout code which may allow a user
    to delete vital system files and allow an attacker to cause the software 
    to operate on unauthorized files.

II. CVSS
    
    CVSS Base Score: 6.3
    CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/71615 for the
    current score
    CVSS Environmental Score*: Undefined

III. PLATFORM VULNERABILITY ASSESSMENT

    To determine if your system is vulnerable, run the following command:

    # lslpp -l | grep invscout.rte

    The following filesets are vulnerable:

    AIX 7.1, 6.1, 5.3: all versions less than 2.2.0.19

    NOTE: The invscout.rte is based on an independent service release and is
    not tied to any particular version or release of AIX.

IV. SOLUTIONS

    A. APARS

        IBM has assigned the following APARs to this problem:

        AIX Level           APAR number        Availability
        ---------------------------------------------------
        5.3                 IV11643            available
        6.1                 IV11643            available
        7.1                 IV11643            available

        Subscribe to the APARs here:

        http://www.ibm.com/support/docview.wss?uid=isg1IV11643

        By subscribing, you will receive periodic email alerting you
        to the status of the APAR, and a link to download the fix once
        it becomes available.

     B. FIX

        IMPORTANT: If possible, it is recommended that a mksysb backup
        of the system be created.  Verify it is both bootable and
        readable before proceeding.

        To preview a fix installation:

        installp -a -d fix_name -p all  # where fix_name is the name of the
                                        # fix package being previewed.
        To install a fix package:

        installp -a -d fix_name -X all  # where fix_name is the name of the  
                                        # fix package being installed.

        Interim fixes have had limited functional and regression
        testing but not the full regression testing that takes place
        for Service Packs; thus, IBM does not warrant the fully
        correct functionality of an interim fix.

V. WORKAROUNDS

    a) Remove the setuid bit from the following:

        chmod 555 /opt/IBMinvscout/bin/invscoutClient_VPD_Survey
        chmod 555 /opt/IBMinvscout/sbin/invscout_lsvpd

	NOTE: chmod will disable functionality of these commands for
        all users except root.

VII. CONTACT INFORMATION

    If you would like to receive AIX Security Advisories via email,
    please visit:
 
        http://www.ibm.com/systems/support
 
    and click on the "My notifications" link.
 
    To view previously issued advisories, please visit:
 
        http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd
 
    Comments regarding the content of this announcement can be
    directed to:

        Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

    To request the PGP public key that can be used to communicate
    securely with the AIX Security Team you can either:

        A. Send an email with "get key" in the subject line to:

            Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

        B. Download the key from a PGP Public Key Server. The key ID is:

            0x28BFAA12
 
    Please contact your local IBM AIX support center for any
    assistance.
 
    eServer is a trademark of International Business Machines
    Corporation.  IBM, AIX and pSeries are registered trademarks of
    International Business Machines Corporation.  All other trademarks
    are property of their respective holders.

VIII. ACKNOWLEDGMENTS

    This vulnerability was reported by Jakub Wartak.

IX. REFERENCES:
    
    Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html
    On-line Calculator V2:
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2
    X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/71615
    CVE-2011-1384: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1384

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (AIX)

iD8DBQFO4Q5Q4fmd+Ci/qhIRAv/7AJsGbBdVsp5R88+6H4PALNkRyAi9ygCeKxvn
ticRWITpxesdpzuKHl2Q7aU=
=JeLt