Vulnerabilities > CVE-2006-0667 - Local Security vulnerability in AIX 5.2/5.3

047910
CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
ibm
nessus

Summary

lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack.

Vulnerable Configurations

Part Description Count
OS
Ibm
2

Nessus

  • NASL familyAIX Local Security Checks
    NASL idAIX_U802730.NASL
    descriptionThe remote host is missing AIX PTF U802730, which is related to the security of the package devices.chrp.base.rte.
    last seen2020-06-01
    modified2020-06-02
    plugin id28439
    published2007-12-03
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28439
    titleAIX 5.3 TL 3 / 5.3 TL 4 : devices.chrp.base.rte (U802730)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were extracted
    # from AIX Security PTF U802730. The text itself is copyright (C)
    # International Business Machines Corp.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(28439);
      script_version ("1.6");
      script_cvs_date("Date: 2019/09/16 14:12:47");
    
      script_cve_id("CVE-2005-3289", "CVE-2006-0667");
    
      script_name(english:"AIX 5.3 TL 3 / 5.3 TL 4 : devices.chrp.base.rte (U802730)");
      script_summary(english:"Check for PTF U802730");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote AIX host is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is missing AIX PTF U802730, which is related to the
    security of the package devices.chrp.base.rte."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IY77638"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install the appropriate missing security-related fix."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:5.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/10/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"AIX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp");
    
      exit(0);
    }
    
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("aix.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
    if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    flag = 0;
    
    if ( aix_check_patch(ml:"530003", patch:"U802730", package:"devices.chrp.base.rte.5.3.0.32") < 0 ) flag++;
    if ( aix_check_patch(ml:"530004", patch:"U802730", package:"devices.chrp.base.rte.5.3.0.32") < 0 ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyAIX Local Security Checks
    NASL idAIX_U477521.NASL
    descriptionThe remote host is missing AIX PTF U477521, which is related to the security of the package devices.chrp.base.rte.
    last seen2020-06-01
    modified2020-06-02
    plugin id65258
    published2013-03-13
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/65258
    titleAIX 5.2 TL 7 / 5.2 TL 8 : devices.chrp.base.rte (U477521)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were extracted
    # from AIX Security PTF U477521. The text itself is copyright (C)
    # International Business Machines Corp.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(65258);
      script_version("1.2");
      script_cvs_date("Date: 2019/09/16 14:12:47");
    
      script_cve_id("CVE-2005-3289", "CVE-2006-0667");
    
      script_name(english:"AIX 5.2 TL 7 / 5.2 TL 8 : devices.chrp.base.rte (U477521)");
      script_summary(english:"Check for PTF U477521");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote AIX host is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is missing AIX PTF U477521, which is related to the
    security of the package devices.chrp.base.rte."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IY77624"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install the appropriate missing security-related fix."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:5.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/10/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"AIX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp");
    
      exit(0);
    }
    
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("aix.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
    if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    flag = 0;
    
    if ( aix_check_patch(ml:"520007", patch:"U477521", package:"devices.chrp.base.rte.5.2.0.85") < 0 ) flag++;
    if ( aix_check_patch(ml:"520008", patch:"U477521", package:"devices.chrp.base.rte.5.2.0.85") < 0 ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyAIX Local Security Checks
    NASL idAIX_U805550.NASL
    descriptionThe remote host is missing AIX PTF U805550, which is related to the security of the package devices.chrp.base.rte.
    last seen2020-06-01
    modified2020-06-02
    plugin id28552
    published2007-12-03
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28552
    titleAIX 5.2 TL 7 / 5.2 TL 8 : devices.chrp.base.rte (U805550)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were extracted
    # from AIX Security PTF U805550. The text itself is copyright (C)
    # International Business Machines Corp.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(28552);
      script_version ("1.6");
      script_cvs_date("Date: 2019/09/16 14:12:47");
    
      script_cve_id("CVE-2005-3289", "CVE-2006-0667");
    
      script_name(english:"AIX 5.2 TL 7 / 5.2 TL 8 : devices.chrp.base.rte (U805550)");
      script_summary(english:"Check for PTF U805550");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote AIX host is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is missing AIX PTF U805550, which is related to the
    security of the package devices.chrp.base.rte."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IY77624"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install the appropriate missing security-related fix."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:5.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/10/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"AIX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp");
    
      exit(0);
    }
    
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("aix.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
    if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    flag = 0;
    
    if ( aix_check_patch(ml:"520007", patch:"U805550", package:"devices.chrp.base.rte.5.2.0.77") < 0 ) flag++;
    if ( aix_check_patch(ml:"520008", patch:"U805550", package:"devices.chrp.base.rte.5.2.0.77") < 0 ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");