CVE-2012-4845

Name of the Vulnerable Software and Affected Versions IBM AIX versions 6.1 through 7.1 VIOS version 2.2.1.4-FP-25 SP-02

Description The FTP client does not properly manage privileges in an RBAC environment, allowing attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.

Recommendations For IBM AIX versions 6.1 through 7.1, consider restricting access to the ftp executable file to minimize the risk of exploitation. For VIOS version 2.2.1.4-FP-25 SP-02, consider disabling the ftp client until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.