Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.AIX_IJ38113.NASLHistoryMar 01, 2022 - 12:00 a.m.
AIX 7.1 TL 5 : audit (IJ38113)
2022-03-0100:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26
aix 7.1 tl 5
security patch
ij38113
denial of service
file creation vulnerability
audit commands
ibm aix
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS3
4.4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
EPSS
0
Percentile
5.1%
https://vulners.com/cve/CVE-2021-38955 https://vulners.com/cve/CVE-2021-38955 IBM AIX could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory audit_advisory.asc.
#
include('deprecated_nasl_level.inc');
include("compat.inc");
if (description)
{
script_id(158497);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/20");
script_cve_id("CVE-2021-38955");
script_name(english:"AIX 7.1 TL 5 : audit (IJ38113)");
script_summary(english:"Check for APAR IJ38113");
script_set_attribute(
attribute:"synopsis",
value:"The remote AIX host is missing a security patch."
);
script_set_attribute(
attribute:"description",
value:
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38955 IBM AIX
could allow a local user with elevated privileges to cause a denial of
service due to a file creation vulnerability in the audit commands."
);
script_set_attribute(
attribute:"see_also",
value:"https://aix.software.ibm.com/aix/efixes/security/audit_advisory.asc"
);
script_set_attribute(
attribute:"solution",
value:"Install the appropriate interim fix."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-38955");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.1");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/28");
script_set_attribute(attribute:"patch_publication_date", value:"2022/02/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/03/01");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"AIX Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);
if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );
flag = 0;
if (aix_check_ifix(release:"7.1", ml:"05", sp:"07", patch:"IJ38113m9a", package:"bos.rte.security", minfilesetver:"7.1.5.0", maxfilesetver:"7.1.5.37") < 0) flag++;
if (aix_check_ifix(release:"7.1", ml:"05", sp:"08", patch:"IJ38113m9a", package:"bos.rte.security", minfilesetver:"7.1.5.0", maxfilesetver:"7.1.5.37") < 0) flag++;
if (aix_check_ifix(release:"7.1", ml:"05", sp:"09", patch:"IJ38113m9a", package:"bos.rte.security", minfilesetver:"7.1.5.0", maxfilesetver:"7.1.5.37") < 0) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:aix_report_get());
else security_note(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Related
cnvd
cnvd
IBM AIX Denial of Service Vulnerability (CNVD-2022-17018)
2022-03-02 00:00:00
nessus
nessus
AIX 7.2 TL 4 : audit (IJ38115)
2022-03-01 00:00:00
AIX 7.2 TL 5 : audit (IJ38119)
2022-03-01 00:00:00
AIX 7.3 TL 0 : audit (IJ38121)
2022-03-01 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in AIX audit commands (CVE-2021-38955)
2022-02-28 23:05:46
nvd
nvd
CVE-2021-38955
2022-03-01 17:15:07
cve
cve
CVE-2021-38955
2022-03-01 17:15:07
prion
prion
Design/Logic Flaw
2022-03-01 17:15:00
cvelist
cvelist
CVE-2021-38955
2022-03-01 16:45:24
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS3
4.4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
EPSS
0
Percentile
5.1%
Related for AIX_IJ38113.NASL