AIX 6.1 TL 7 : ftp (IV23331)

medium Nessus Plugin ID 63734

Synopsis

The remote AIX host is missing a security patch.

Description

The root owned files can be read by non-root users only when the directory permissions are set allowed for non-root users. For example, a non-root user won't be able to read anything under /etc/security, but can read files like /etc/rc.wpars under ftp.

Solution

Install the appropriate interim fix.

See Also

https://aix.software.ibm.com/aix/efixes/security/ftp_advisory1.asc

Plugin Details

Severity: Medium

ID: 63734

File Name: aix_IV23331.nasl

Version: 1.10

Type: local

Published: 1/24/2013

Updated: 4/21/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

Vulnerability Information

CPE: cpe:/o:ibm:aix:6.1

Required KB Items: Host/local_checks_enabled, Host/AIX/version, Host/AIX/lslpp

Patch Publication Date: 10/18/2012

Vulnerability Publication Date: 10/18/2012

Reference Information

CVE: CVE-2012-4845