CVE-2016-6079

Name of the Vulnerable Software and Affected Versions IBM AIX versions 5.3 through 7.2

Description The issue is related to the Logical Volume Manager (LVM) system in AIX, which has inadequate access control. This allows a locally authenticated user to potentially gain root level privileges by exploiting the vulnerability, possibly using the lquerylv command.

Recommendations For IBM AIX versions 5.3 through 7.2, apply the fixes according to IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053 to resolve the issue. As a temporary workaround, consider restricting access to the LVM system until a patch is applied.