CVE-2015-4948

Name of the Vulnerable Software and Affected Versions IBM AIX versions 5.3, 6.1, and 7.1 VIOS version 2.2.x

Description The issue is related to the netstat component in the AIX operating system, which has inadequate access restrictions to certain functions. This allows a local attacker to potentially gain elevated privileges. The vulnerability can be exploited when a fibre channel adapter is used.

Recommendations For IBM AIX versions 5.3, 6.1, and 7.1, consider restricting access to the netstat component until a fix is available. For VIOS version 2.2.x, restrict the use of the netstat function when a fibre channel adapter is present to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.