PT-2012-2836 · Ibm · Ibm Aix+1
Published
2012-05-04
·
Updated
2017-12-07
·
CVE-2012-0745
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
IBM AIX versions 5.3, 6.1, and 7.1
VIOS versions 2.1.0.10 through 2.2.1.3
Description
The issue is related to the
getpwnam function, which does not properly interact with customer-extended LDAP user filtering. This allows local users to gain privileges via unspecified vectors.Recommendations
For IBM AIX versions 5.3, 6.1, and 7.1, consider restricting access to the
getpwnam function until a patch is available.
For VIOS versions 2.1.0.10 through 2.2.1.3, consider disabling the use of customer-extended LDAP user filtering as a temporary workaround.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Aix
Vios