CVE-2012-2188

Name of the Vulnerable Software and Affected Versions IBM Power Hardware Management Console (HMC) versions 7R3.5.0 through 7R3.5.0 before SP4 IBM Power Hardware Management Console (HMC) versions 7R7.1.0 through 7R7.2.0 before 7R7.2.0 SP3 IBM Power Hardware Management Console (HMC) versions 7R7.3.0 through 7R7.3.0 before SP2 Systems Director Management Console (SDMC) versions 6R7.3.0 through 6R7.3.0 before SP2

Description The issue allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character, due to the improper restriction of the VIOS viosrvcmd command.

Recommendations For IBM Power Hardware Management Console (HMC) versions 7R3.5.0 through 7R3.5.0 before SP4, update to at least SP4. For IBM Power Hardware Management Console (HMC) versions 7R7.1.0 through 7R7.2.0 before 7R7.2.0 SP3, update to at least 7R7.2.0 SP3. For IBM Power Hardware Management Console (HMC) versions 7R7.3.0 through 7R7.3.0 before SP2, update to at least SP2. For Systems Director Management Console (SDMC) versions 6R7.3.0 through 6R7.3.0 before SP2, update to at least SP2.