Vulnerabilities > CVE-2017-1093 - Local Privilege Escalation vulnerability in IBM AIX 6.1/7.1/7.2
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.
Nessus
NASL family AIX Local Security Checks NASL id AIX_IV92241.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 IBM AIX could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bellmail_advisory2.nasl (plugin id 102121). last seen 2018-02-02 modified 2018-02-01 plugin id 96836 published 2017-01-30 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=96836 title AIX 7.2 TL 0 : bellmail (IV92241) (deprecated) code #%NASL_MIN_LEVEL 999999 # # (C) Tenable Network Security, Inc. # # The text in the description was extracted from AIX Security # Advisory bellmail_advisory2.asc. # # @DEPRECATED@ # # Disabled on 2017/07/20. Deprecated by aix_bellmail_advisory2.nasl. include("compat.inc"); if (description) { script_id(96836); script_version("3.8"); script_cvs_date("Date: 2018/07/20 0:18:52"); script_cve_id("CVE-2017-1093"); script_name(english:"AIX 7.2 TL 0 : bellmail (IV92241) (deprecated)"); script_summary(english:"Check for APAR IV92241"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 IBM AIX could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bellmail_advisory2.nasl (plugin id 102121)." ); script_set_attribute( attribute:"see_also", value:"http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory2.asc" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/29"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version"); exit(0); } exit(0, "This plugin has been deprecated. Use aix_bellmail_advisory2.nasl (plugin ID 102121) instead."); include("audit.inc"); include("global_settings.inc"); include("aix.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") ); flag = 0; if (aix_check_ifix(release:"7.2", ml:"00", sp:"00", patch:"IV92241m2a", package:"core", minfilesetver:"7.2.0.0", maxfilesetver:"7.2.0.2") < 0) flag++; if (aix_check_ifix(release:"7.2", ml:"00", sp:"01", patch:"IV92241m2a", package:"core", minfilesetver:"7.2.0.0", maxfilesetver:"7.2.0.2") < 0) flag++; if (aix_check_ifix(release:"7.2", ml:"00", sp:"02", patch:"IV92241m2a", package:"core", minfilesetver:"7.2.0.0", maxfilesetver:"7.2.0.2") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family AIX Local Security Checks NASL id AIX_IV92240.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 IBM AIX could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bellmail_advisory2.nasl (plugin id 102121). last seen 2018-02-02 modified 2018-02-01 plugin id 96835 published 2017-01-30 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=96835 title AIX 7.1 TL 4 : bellmail (IV92240) (deprecated) code #%NASL_MIN_LEVEL 999999 # # (C) Tenable Network Security, Inc. # # The text in the description was extracted from AIX Security # Advisory bellmail_advisory2.asc. # # @DEPRECATED@ # # Disabled on 2017/07/20. Deprecated by aix_bellmail_advisory2.nasl. include("compat.inc"); if (description) { script_id(96835); script_version("3.8"); script_cvs_date("Date: 2018/07/20 0:18:52"); script_cve_id("CVE-2017-1093"); script_name(english:"AIX 7.1 TL 4 : bellmail (IV92240) (deprecated)"); script_summary(english:"Check for APAR IV92240"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 IBM AIX could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bellmail_advisory2.nasl (plugin id 102121)." ); script_set_attribute( attribute:"see_also", value:"http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory2.asc" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/29"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version"); exit(0); } exit(0, "This plugin has been deprecated. Use aix_bellmail_advisory2.nasl (plugin ID 102121) instead."); include("audit.inc"); include("global_settings.inc"); include("aix.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") ); flag = 0; if (aix_check_ifix(release:"7.1", ml:"04", sp:"01", patch:"IV92240m3a", package:"bos.net.tcp.client", minfilesetver:"7.1.4.0", maxfilesetver:"7.1.4.30") < 0) flag++; if (aix_check_ifix(release:"7.1", ml:"04", sp:"02", patch:"IV92240m3a", package:"bos.net.tcp.client", minfilesetver:"7.1.4.0", maxfilesetver:"7.1.4.30") < 0) flag++; if (aix_check_ifix(release:"7.1", ml:"04", sp:"03", patch:"IV92240m3a", package:"bos.net.tcp.client", minfilesetver:"7.1.4.0", maxfilesetver:"7.1.4.30") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family AIX Local Security Checks NASL id AIX_IV92250.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 IBM AIX could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bellmail_advisory2.nasl (plugin id 102121). last seen 2018-02-02 modified 2018-02-01 plugin id 96838 published 2017-01-30 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=96838 title AIX 7.1 TL 3 : bellmail (IV92250) (deprecated) code #%NASL_MIN_LEVEL 999999 # # (C) Tenable Network Security, Inc. # # The text in the description was extracted from AIX Security # Advisory bellmail_advisory2.asc. # # @DEPRECATED@ # # Disabled on 2017/07/20. Deprecated by aix_bellmail_advisory2.nasl. include("compat.inc"); if (description) { script_id(96838); script_version("3.8"); script_cvs_date("Date: 2018/07/20 0:18:52"); script_cve_id("CVE-2017-1093"); script_name(english:"AIX 7.1 TL 3 : bellmail (IV92250) (deprecated)"); script_summary(english:"Check for APAR IV92250"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 IBM AIX could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bellmail_advisory2.nasl (plugin id 102121)." ); script_set_attribute( attribute:"see_also", value:"http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory2.asc" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/29"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version"); exit(0); } exit(0, "This plugin has been deprecated. Use aix_bellmail_advisory2.nasl (plugin ID 102121) instead."); include("audit.inc"); include("global_settings.inc"); include("aix.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") ); flag = 0; if (aix_check_ifix(release:"7.1", ml:"03", sp:"05", patch:"IV92250m71", package:"bos.net.tcp.client", minfilesetver:"7.1.3.0", maxfilesetver:"7.1.3.48") < 0) flag++; if (aix_check_ifix(release:"7.1", ml:"03", sp:"06", patch:"IV92250m71", package:"bos.net.tcp.client", minfilesetver:"7.1.3.0", maxfilesetver:"7.1.3.48") < 0) flag++; if (aix_check_ifix(release:"7.1", ml:"03", sp:"07", patch:"IV92250m71", package:"bos.net.tcp.client", minfilesetver:"7.1.3.0", maxfilesetver:"7.1.3.48") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family AIX Local Security Checks NASL id AIX_IV92242.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 IBM AIX could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bellmail_advisory2.nasl (plugin id 102121). last seen 2018-02-02 modified 2018-02-01 plugin id 96837 published 2017-01-30 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=96837 title AIX 7.2 TL 1 : bellmail (IV92242) (deprecated) code #%NASL_MIN_LEVEL 999999 # # (C) Tenable Network Security, Inc. # # The text in the description was extracted from AIX Security # Advisory bellmail_advisory2.asc. # # @DEPRECATED@ # # Disabled on 2017/07/20. Deprecated by aix_bellmail_advisory2.nasl. include("compat.inc"); if (description) { script_id(96837); script_version("3.8"); script_cvs_date("Date: 2018/07/20 0:18:52"); script_cve_id("CVE-2017-1093"); script_name(english:"AIX 7.2 TL 1 : bellmail (IV92242) (deprecated)"); script_summary(english:"Check for APAR IV92242"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 IBM AIX could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bellmail_advisory2.nasl (plugin id 102121)." ); script_set_attribute( attribute:"see_also", value:"http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory2.asc" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/29"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version"); exit(0); } exit(0, "This plugin has been deprecated. Use aix_bellmail_advisory2.nasl (plugin ID 102121) instead."); include("audit.inc"); include("global_settings.inc"); include("aix.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") ); flag = 0; if (aix_check_ifix(release:"7.2", ml:"01", sp:"00", patch:"IV92242m1a", package:"core", minfilesetver:"7.2.1.0", maxfilesetver:"7.2.1.1") < 0) flag++; if (aix_check_ifix(release:"7.2", ml:"01", sp:"01", patch:"IV92242m1a", package:"core", minfilesetver:"7.2.1.0", maxfilesetver:"7.2.1.1") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family AIX Local Security Checks NASL id AIX_BELLMAIL_ADVISORY2.NASL description The version of bellmail installed on the remote AIX host is affected by a privilege escalation vulnerability. A local attacker can exploit this to gain root privileges. last seen 2020-06-01 modified 2020-06-02 plugin id 102121 published 2017-08-03 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102121 title AIX bellmail Advisory : bellmail_advisory2.asc (IV92238) (IV92240) (IV92241) (IV92242) (IV92250) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(102121); script_version("3.11"); script_cvs_date("Date: 2018/09/17 21:46:52"); script_cve_id("CVE-2017-1093"); script_bugtraq_id(95891); script_name(english:"AIX bellmail Advisory : bellmail_advisory2.asc (IV92238) (IV92240) (IV92241) (IV92242) (IV92250)"); script_summary(english:"Checks the version of the bellmail packages."); script_set_attribute(attribute:"synopsis", value: "The remote AIX host has a version of bellmail installed that is affected by a privilege escalation vulnerability."); script_set_attribute(attribute:"description", value: "The version of bellmail installed on the remote AIX host is affected by a privilege escalation vulnerability. A local attacker can exploit this to gain root privileges."); script_set_attribute(attribute:"see_also", value:"http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory2.asc"); script_set_attribute(attribute:"solution", value: "A fix is available and can be downloaded from the IBM AIX website."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1093"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/29"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/03"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix"); script_set_attribute(attribute:"cpe", value:"x-cpe:/a:bellmail:bellmail"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"AIX Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version"); exit(0); } include("aix.inc"); include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); oslevel = get_kb_item("Host/AIX/version"); if (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, "AIX"); oslevel = oslevel - "AIX-"; oslevelcomplete = chomp(get_kb_item("Host/AIX/oslevelsp")); if (isnull(oslevelcomplete)) audit(AUDIT_UNKNOWN_APP_VER, "AIX"); oslevelparts = split(oslevelcomplete, sep:'-', keep:0); if ( max_index(oslevelparts) != 4 ) audit(AUDIT_UNKNOWN_APP_VER, "AIX"); ml = oslevelparts[1]; sp = oslevelparts[2]; if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This AIX package check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") ); flag = 0; aix_bellmail_vulns = { "6.1": { "09": { "06": { "bos.net.tcp.client": { "minfilesetver":"6.1.9.0", "maxfilesetver":"6.1.9.200", "patch":"(IV92238m8a)" } }, "07": { "bos.net.tcp.client": { "minfilesetver":"6.1.9.0", "maxfilesetver":"6.1.9.200", "patch":"(IV92238m8a|IV97356m9a)" } }, "08": { "bos.net.tcp.client": { "minfilesetver":"6.1.9.0", "maxfilesetver":"6.1.9.200", "patch":"(IV92238m8a|IV97356m9a)" } } } }, "7.1": { "03": { "05": { "bos.net.tcp.client": { "minfilesetver":"7.1.3.0", "maxfilesetver":"7.1.3.45", "patch":"(IV92250m71)" } }, "06": { "bos.net.tcp.client": { "minfilesetver":"7.1.3.0", "maxfilesetver":"7.1.3.46", "patch":"(IV92250m71)" } }, "07": { "bos.net.tcp.client": { "minfilesetver":"7.1.3.0", "maxfilesetver":"7.1.3.47", "patch":"(IV92250m71)" } } }, "04": { "01": { "bos.net.tcp.client": { "minfilesetver":"7.1.4.0", "maxfilesetver":"7.1.4.30", "patch":"(IV92240m3a)" } }, "02": { "bos.net.tcp.client": { "minfilesetver":"7.1.4.0", "maxfilesetver":"7.1.4.30", "patch":"(IV92240m3a)" } }, "03": { "bos.net.tcp.client": { "minfilesetver":"7.1.4.0", "maxfilesetver":"7.1.4.30", "patch":"(IV92240m3a|IV99497m5a)" } } } }, "7.2": { "00": { "00": { "bos.net.tcp.client_core": { "minfilesetver":"7.2.0.0", "maxfilesetver":"7.2.0.2", "patch":"(IV92241m2a)" } }, "01": { "bos.net.tcp.client_core": { "minfilesetver":"7.2.0.0", "maxfilesetver":"7.2.0.2", "patch":"(IV92241m2a)" } }, "02": { "bos.net.tcp.client_core": { "minfilesetver":"7.2.0.0", "maxfilesetver":"7.2.0.2", "patch":"(IV92241m2a)" } } }, "01": { "00": { "bos.net.tcp.client_core": { "minfilesetver":"7.2.1.0", "maxfilesetver":"7.2.1.1", "patch":"(IV92242m1a)" } }, "01": { "bos.net.tcp.client_core": { "minfilesetver":"7.2.1.0", "maxfilesetver":"7.2.1.1", "patch":"(IV92242m1a|IV99499m3a)" } } } } }; version_report = "AIX " + oslevel; if ( empty_or_null(aix_bellmail_vulns[oslevel]) ) { os_options = join( sort( keys(aix_bellmail_vulns) ), sep:' / ' ); audit(AUDIT_OS_NOT, os_options, version_report); } version_report = version_report + " ML " + ml; if ( empty_or_null(aix_bellmail_vulns[oslevel][ml]) ) { ml_options = join( sort( keys(aix_bellmail_vulns[oslevel]) ), sep:' / ' ); audit(AUDIT_OS_NOT, "ML " + ml_options, version_report); } version_report = version_report + " SP " + sp; if ( empty_or_null(aix_bellmail_vulns[oslevel][ml][sp]) ) { sp_options = join( sort( keys(aix_bellmail_vulns[oslevel][ml]) ), sep:' / ' ); audit(AUDIT_OS_NOT, "SP " + sp_options, version_report); } foreach package ( keys(aix_bellmail_vulns[oslevel][ml][sp]) ) { package_info = aix_bellmail_vulns[oslevel][ml][sp][package]; minfilesetver = package_info["minfilesetver"]; maxfilesetver = package_info["maxfilesetver"]; patch = package_info["patch"]; if (aix_check_ifix(release:oslevel, ml:ml, sp:sp, patch:patch, package:package, minfilesetver:minfilesetver, maxfilesetver:maxfilesetver) < 0) flag++; } if (flag) { aix_report_extra = ereg_replace(string:aix_report_get(), pattern:"[()]", replace:""); aix_report_extra = ereg_replace(string:aix_report_extra, pattern:"[|]", replace:" or "); security_report_v4( port : 0, severity : SECURITY_HOLE, extra : aix_report_extra ); } else { tested = aix_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bos.net.tcp.client / bos.net.tcp.client_core"); }NASL family AIX Local Security Checks NASL id AIX_IV92238.NASL description http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 IBM AIX could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bellmail_advisory2.nasl (plugin id 102121). last seen 2018-02-02 modified 2018-02-01 plugin id 96834 published 2017-01-30 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=96834 title AIX 6.1 TL 9 : bellmail (IV92238) (deprecated) code #%NASL_MIN_LEVEL 999999 # # (C) Tenable Network Security, Inc. # # The text in the description was extracted from AIX Security # Advisory bellmail_advisory2.asc. # # @DEPRECATED@ # # Disabled on 2017/07/20. Deprecated by aix_bellmail_advisory2.nasl. include("compat.inc"); if (description) { script_id(96834); script_version("3.8"); script_cvs_date("Date: 2018/07/20 0:18:52"); script_cve_id("CVE-2017-1093"); script_name(english:"AIX 6.1 TL 9 : bellmail (IV92238) (deprecated)"); script_summary(english:"Check for APAR IV92238"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1093 IBM AIX could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bellmail_advisory2.nasl (plugin id 102121)." ); script_set_attribute( attribute:"see_also", value:"http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory2.asc" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:6.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/29"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version"); exit(0); } exit(0, "This plugin has been deprecated. Use aix_bellmail_advisory2.nasl (plugin ID 102121) instead."); include("audit.inc"); include("global_settings.inc"); include("aix.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") ); flag = 0; if (aix_check_ifix(release:"6.1", ml:"09", sp:"06", patch:"IV92238m8a", package:"bos.net.tcp.client", minfilesetver:"6.1.9.0", maxfilesetver:"6.1.9.200") < 0) flag++; if (aix_check_ifix(release:"6.1", ml:"09", sp:"07", patch:"IV92238m8a", package:"bos.net.tcp.client", minfilesetver:"6.1.9.0", maxfilesetver:"6.1.9.200") < 0) flag++; if (aix_check_ifix(release:"6.1", ml:"09", sp:"08", patch:"IV92238m8a", package:"bos.net.tcp.client", minfilesetver:"6.1.9.0", maxfilesetver:"6.1.9.200") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");