Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AIX_IJ45245.NASL
HistoryApr 18, 2023 - 12:00 a.m.

AIX 7.2 TL 5 : librts (IJ45245)

2023-04-1800:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
ibm aix
vulnerability
security patch

0.0004 Low

EPSS

Percentile

5.1%

JSON

https://vulners.com/cve/CVE-2023-26286 IBM AIX could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory librts_advisory.asc.
#

include('deprecated_nasl_level.inc');
include("compat.inc");

if (description)
{
  script_id(174441);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/05");

  script_cve_id("CVE-2023-26286");

  script_name(english:"AIX 7.2 TL 5 : librts (IJ45245)");
  script_summary(english:"Check for APAR IJ45245");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote AIX host is missing a security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26286 IBM AIX
could allow a non-privileged local user to exploit a vulnerability in
the AIX runtime services library to execute arbitrary commands."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://aix.software.ibm.com/aix/efixes/security/librts_advisory.asc"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install the appropriate interim fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-26286");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/04/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/04/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}



include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"7.2", ml:"05", sp:"03", patch:"IJ45245s3a", package:"bos.mp64", minfilesetver:"7.2.5.0", maxfilesetver:"7.2.5.6") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"03", patch:"IJ45245s3a", package:"bos.rte.serv_aid", minfilesetver:"7.2.5.0", maxfilesetver:"7.2.5.4") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"03", patch:"IJ45245s3a", package:"bos.sysmgt.serv_aid", minfilesetver:"7.2.5.0", maxfilesetver:"7.2.5.3") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"03", patch:"IJ45245s3a", package:"bos.mp64", minfilesetver:"7.2.5.100", maxfilesetver:"7.2.5.106") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"03", patch:"IJ45245s3a", package:"bos.rte.serv_aid", minfilesetver:"7.2.5.100", maxfilesetver:"7.2.5.102") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"03", patch:"IJ45245s3a", package:"bos.sysmgt.serv_aid", minfilesetver:"7.2.5.100", maxfilesetver:"7.2.5.102") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"03", patch:"IJ45245s3a", package:"bos.mp64", minfilesetver:"7.2.5.200", maxfilesetver:"7.2.5.201") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"03", patch:"IJ45245s3a", package:"bos.rte.serv_aid", minfilesetver:"7.2.5.200", maxfilesetver:"7.2.5.200") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"03", patch:"IJ45245s3a", package:"bos.sysmgt.serv_aid", minfilesetver:"7.2.5.200", maxfilesetver:"7.2.5.200") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"04", patch:"IJ45245s4a", package:"bos.mp64", minfilesetver:"7.2.5.0", maxfilesetver:"7.2.5.6") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"04", patch:"IJ45245s4a", package:"bos.rte.serv_aid", minfilesetver:"7.2.5.0", maxfilesetver:"7.2.5.4") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"04", patch:"IJ45245s4a", package:"bos.sysmgt.serv_aid", minfilesetver:"7.2.5.0", maxfilesetver:"7.2.5.3") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"04", patch:"IJ45245s4a", package:"bos.mp64", minfilesetver:"7.2.5.100", maxfilesetver:"7.2.5.106") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"04", patch:"IJ45245s4a", package:"bos.rte.serv_aid", minfilesetver:"7.2.5.100", maxfilesetver:"7.2.5.102") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"04", patch:"IJ45245s4a", package:"bos.sysmgt.serv_aid", minfilesetver:"7.2.5.100", maxfilesetver:"7.2.5.102") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"04", patch:"IJ45245s4a", package:"bos.mp64", minfilesetver:"7.2.5.200", maxfilesetver:"7.2.5.201") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"04", patch:"IJ45245s4a", package:"bos.rte.serv_aid", minfilesetver:"7.2.5.200", maxfilesetver:"7.2.5.200") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"04", patch:"IJ45245s4a", package:"bos.sysmgt.serv_aid", minfilesetver:"7.2.5.200", maxfilesetver:"7.2.5.200") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"05", patch:"IJ45245s5a", package:"bos.mp64", minfilesetver:"7.2.5.0", maxfilesetver:"7.2.5.6") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"05", patch:"IJ45245s5a", package:"bos.rte.serv_aid", minfilesetver:"7.2.5.0", maxfilesetver:"7.2.5.4") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"05", patch:"IJ45245s5a", package:"bos.sysmgt.serv_aid", minfilesetver:"7.2.5.0", maxfilesetver:"7.2.5.3") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"05", patch:"IJ45245s5a", package:"bos.mp64", minfilesetver:"7.2.5.100", maxfilesetver:"7.2.5.106") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"05", patch:"IJ45245s5a", package:"bos.rte.serv_aid", minfilesetver:"7.2.5.100", maxfilesetver:"7.2.5.102") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"05", patch:"IJ45245s5a", package:"bos.sysmgt.serv_aid", minfilesetver:"7.2.5.100", maxfilesetver:"7.2.5.102") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"05", patch:"IJ45245s5a", package:"bos.mp64", minfilesetver:"7.2.5.200", maxfilesetver:"7.2.5.201") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"05", patch:"IJ45245s5a", package:"bos.rte.serv_aid", minfilesetver:"7.2.5.200", maxfilesetver:"7.2.5.200") < 0) flag++;
if (aix_check_ifix(release:"7.2", ml:"05", sp:"05", patch:"IJ45245s5a", package:"bos.sysmgt.serv_aid", minfilesetver:"7.2.5.200", maxfilesetver:"7.2.5.200") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
ibmaix7.2cpe:/o:ibm:aix:7.2

Related

cve 1
aix 1
ibm 1
nvd 1
prion 1
nessus 3
talos 1
cvelist 1
talosblog 1
cve
cve
CVE-2023-26286
2023-04-26 12:15:09
aix
aix
AIX is vulnerable to arbitrary command execution
2023-04-12 12:36:51
ibm
ibm
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2023-26286)
2023-09-08 18:52:18
nvd
nvd
CVE-2023-26286
2023-04-26 12:15:09
prion
prion
Design/Logic Flaw
2023-04-26 12:15:00
nessus
nessus
AIX 7.3 TL 0 : librts (IJ45997)
2023-04-18 00:00:00
AIX 7.1 TL 5 : librts (IJ45981)
2023-04-18 00:00:00
AIX 7.3 TL 1 : librts (IJ45246)
2023-04-18 00:00:00
talos
talos
IBM Corporation AIX errlog() Log Injection Vulnerability
2023-04-24 00:00:00
cvelist
cvelist
CVE-2023-26286 IBM AIX privilege escalation
2023-04-26 11:50:34
talosblog
talosblog
Vulnerability Spotlight: Vulnerabilities in IBM AIX could lead to command injection with elevated privileges
2023-04-24 14:59:52

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for AIX_IJ45245.NASL
cve1aix1ibm1nvd1prion1nessus3talos1cvelist1talosblog1