CVE-2012-0745

Name of the Vulnerable Software and Affected Versions IBM AIX versions 5.3, 6.1, and 7.1 VIOS versions 2.1.0.10 through 2.2.1.3

Description The issue is related to the getpwnam function, which does not properly interact with customer-extended LDAP user filtering. This allows local users to gain privileges via unspecified vectors.

Recommendations For IBM AIX versions 5.3, 6.1, and 7.1, consider restricting access to the getpwnam function until a patch is available. For VIOS versions 2.1.0.10 through 2.2.1.3, consider disabling the use of customer-extended LDAP user filtering as a temporary workaround.