PT-2023-2525 · IBM · VIOS +1

Tim Brown · Published 2023-04-12 · Updated 2023-05-12 · CVE-2023-26286

CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: IBM AIX versions 7.1 through 7.3; VIOS version 3.1

Description: The issue allows a non-privileged local user to execute arbitrary commands by exploiting a vulnerability in the AIX runtime services library, caused by improper neutralization of special elements used in an operating system command. This is related to the errlog() system call function in the runtime services library of the IBM AIX operating system.

Recommendations: For IBM AIX versions 7.1 through 7.3, consider disabling the errlog() function as a temporary workaround until a patch is available. For VIOS version 3.1, consider restricting access to the runtime services library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2023-02324
CVE-2023-26286

Affected Products

IBM AIX
VIOS