Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2023 Tenable Network Security, Inc.AIX_IV89739.NASL
HistoryDec 05, 2016 - 12:00 a.m.

AIX 6.1 TL 9 : pconsole (IV89739)

2016-12-0500:00:00
This script is Copyright (C) 2016-2023 Tenable Network Security, Inc.
www.tenable.com
32

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.003

Percentile

71.0%

JSON

https://vulners.com/cve/CVE-2016-0266 https://vulners.com/cve/CVE-2016-0266 IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory pconsole_advisory2.asc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(95483);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/21");

  script_cve_id("CVE-2016-0266");

  script_name(english:"AIX 6.1 TL 9 : pconsole (IV89739)");
  script_summary(english:"Check for APAR IV89739");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote AIX host is missing a security patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0266 IBM AIX
5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS
version, which makes it easier for man-in-the-middle attackers to
obtain sensitive information via unspecified vectors."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://aix.software.ibm.com/aix/efixes/security/pconsole_advisory2.asc"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Install the appropriate interim fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:6.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2023 Tenable Network Security, Inc.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}



include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"6.1", ml:"09", sp:"06", patch:"IV89739s7a", package:"sysmgt.pconsole.rte", minfilesetver:"6.1.9.0", maxfilesetver:"6.1.9.100") < 0) flag++;
if (aix_check_ifix(release:"6.1", ml:"09", sp:"07", patch:"IV89739s7a", package:"sysmgt.pconsole.rte", minfilesetver:"6.1.9.0", maxfilesetver:"6.1.9.100") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Related

nessus 22
cvelist 1
cve 1
nvd 1
aix 2
prion 1
nessus
nessus
AIX 7.1 TL 4 : pconsole (IV89737)
2016-12-05 00:00:00
AIX 7.1 TL 3 : pconsole (IV93624)
2017-05-02 00:00:00
AIX 6.1 TL 9 : nettcp (IV79070) (SLOTH)
2016-10-21 00:00:00
cvelist
cvelist
CVE-2016-0266
2016-08-08 01:00:00
cve
cve
CVE-2016-0266
2016-08-08 01:59:00
nvd
nvd
CVE-2016-0266
2016-08-08 01:59:00
aix
aix
Vulnerability in pConsole impacts AIX,pConsole on AIX does not support TLS 1.2.
2016-12-02 15:01:37
Vulnerabilities in MD5 Signature and Hash Algorithm and TLS 1.2 affects sendmail imap and pop3d on AIX,Vulnerabilities in MD5 Signature and Hash Algorithm and TLS 1.2 affects sendmail imap and pop3d on AIX,Vulnerabilities in MD5 Signature and Hash Algorithm and TLS 1.2 affects sendmail imap and pop3d on VIOS,Vulnerabilities in MD5 Signature and Hash Algorithm and TLS 1.2 affects sendmail imap pop3d ftp/ftpd and ndpd-host/ndpd-router on AIX
2016-07-26 13:50:13
prion
prion
Default credentials
2016-08-08 01:59:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.003

Percentile

71.0%

JSON
Related for AIX_IV89739.NASL
nessus22cvelist1cve1nvd1aix2prion1