PT-2024-20704 · IBM · IBM AIX +1

Paul M. Gunsch · Published 2024-02-21 · Updated 2025-05-06 · CVE-2024-25021

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM AIX version 7.3
VIOS version 4.1

Description

The issue allows a non-privileged local user to execute arbitrary commands due to a vulnerability in the Perl implementation. A remote attacker could bypass security restrictions by exploiting improper handling of property names in the S_parse_uniprop_string function in regcomp.c, using a specially crafted regular expression input to write to unallocated space.

Recommendations

For IBM AIX version 7.3, update the Perl implementation to prevent arbitrary command execution. For VIOS version 4.1, update the Perl implementation to prevent arbitrary command execution. As a temporary workaround, consider restricting access to the vulnerable Perl implementation until a patch is available.

Related Identifiers

CVE-2024-25021

Affected Products

IBM AIX
VIOS