Vulnerabilities > CVE-2018-1383 - Unspecified vulnerability in IBM AIX

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ibm

critical

nessus

NVD

Published: 2018-02-13

Updated: 2019-10-03

Summary

A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117.

Vulnerable Configurations

Part	Description	Count
OS	Ibm IBM AIX 6.1.3 IBM AIX 7.1.2 IBM AIX 7.1 IBM AIX 7.2 IBM AIX 6.1.1 IBM AIX 6.1 IBM AIX 6.1.2 IBM AIX 7.1.1 IBM AIX 7.2.2 IBM AIX 7.2.1 IBM AIX 7.1.5 IBM AIX 7.1.4 IBM AIX 7.1.3 IBM AIX 6.1.4 IBM AIX 6.1.5 IBM AIX 6.1.6 IBM AIX 6.1.7 IBM AIX 6.1.8 IBM AIX 6.1.9	19

Nessus

NASL family	AIX Local Security Checks
NASL id	AIX_IJ02726.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine.
last seen	2020-06-01
modified	2020-06-02
plugin id	106684
published	2018-02-09
reporter	This script is Copyright (C) 2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/106684
title	AIX 6.1 TL 9 : aixbase (IJ02726)
code	# # (C) Tenable Network Security, Inc. # # The text in the description was extracted from AIX Security # Advisory aixbase_advisory.asc. # include("compat.inc"); if (description) { script_id(106684); script_version("3.8"); script_cvs_date("Date: 2018/06/28 13:49:39"); script_cve_id("CVE-2018-1383"); script_name(english:"AIX 6.1 TL 9 : aixbase (IJ02726)"); script_summary(english:"Check for APAR IJ02726"); script_set_attribute( attribute:"synopsis", value:"The remote AIX host is missing a security patch." ); script_set_attribute( attribute:"description", value: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine." ); script_set_attribute( attribute:"see_also", value:"http://aix.software.ibm.com/aix/efixes/security/aixbase_advisory.asc" ); script_set_attribute( attribute:"solution", value:"Install the appropriate interim fix." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:6.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 Tenable Network Security, Inc."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("aix.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") ); flag = 0; if (aix_check_ifix(release:"6.1", ml:"09", sp:"08", patch:"IJ02726s8a", package:"bos.cluster.rte", minfilesetver:"6.1.9.0", maxfilesetver:"6.1.9.300") < 0) flag++; if (aix_check_ifix(release:"6.1", ml:"09", sp:"09", patch:"IJ02726s9a", package:"bos.cluster.rte", minfilesetver:"6.1.9.0", maxfilesetver:"6.1.9.300") < 0) flag++; if (aix_check_ifix(release:"6.1", ml:"09", sp:"10", patch:"IJ02726sAa", package:"bos.cluster.rte", minfilesetver:"6.1.9.0", maxfilesetver:"6.1.9.300") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	AIX Local Security Checks
NASL id	AIX_IJ02827.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine.
last seen	2020-06-01
modified	2020-06-02
plugin id	106688
published	2018-02-09
reporter	This script is Copyright (C) 2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/106688
title	AIX 7.2 TL 0 : aixbase (IJ02827)
code	# # (C) Tenable Network Security, Inc. # # The text in the description was extracted from AIX Security # Advisory aixbase_advisory.asc. # include("compat.inc"); if (description) { script_id(106688); script_version("3.8"); script_cvs_date("Date: 2018/06/28 13:49:39"); script_cve_id("CVE-2018-1383"); script_name(english:"AIX 7.2 TL 0 : aixbase (IJ02827)"); script_summary(english:"Check for APAR IJ02827"); script_set_attribute( attribute:"synopsis", value:"The remote AIX host is missing a security patch." ); script_set_attribute( attribute:"description", value: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine." ); script_set_attribute( attribute:"see_also", value:"http://aix.software.ibm.com/aix/efixes/security/aixbase_advisory.asc" ); script_set_attribute( attribute:"solution", value:"Install the appropriate interim fix." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 Tenable Network Security, Inc."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("aix.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") ); flag = 0; if (aix_check_ifix(release:"7.2", ml:"00", sp:"03", patch:"IJ02827s3a", package:"bos.cluster.rte", minfilesetver:"7.2.0.0", maxfilesetver:"7.2.0.5") < 0) flag++; if (aix_check_ifix(release:"7.2", ml:"00", sp:"04", patch:"IJ02827s4a", package:"bos.cluster.rte", minfilesetver:"7.2.0.0", maxfilesetver:"7.2.0.5") < 0) flag++; if (aix_check_ifix(release:"7.2", ml:"00", sp:"05", patch:"IJ02827s5a", package:"bos.cluster.rte", minfilesetver:"7.2.0.0", maxfilesetver:"7.2.0.5") < 0) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	AIX Local Security Checks
NASL id	AIX_IJ02828.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine.
last seen	2020-06-01
modified	2020-06-02
plugin id	106689
published	2018-02-09
reporter	This script is Copyright (C) 2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/106689
title	AIX 7.2 TL 1 : aixbase (IJ02828)

NASL family	AIX Local Security Checks
NASL id	AIX_IJ02727.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine.
last seen	2020-06-01
modified	2020-06-02
plugin id	106685
published	2018-02-09
reporter	This script is Copyright (C) 2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/106685
title	AIX 7.1 TL 5 : aixbase (IJ02727)

NASL family	AIX Local Security Checks
NASL id	AIX_IJ02729.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine.
last seen	2020-06-01
modified	2020-06-02
plugin id	106686
published	2018-02-09
reporter	This script is Copyright (C) 2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/106686
title	AIX 7.2 TL 2 : aixbase (IJ02729)

NASL family	AIX Local Security Checks
NASL id	AIX_IJ02825.NASL
description	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1383 A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine.
last seen	2020-06-01
modified	2020-06-02
plugin id	106687
published	2018-02-09
reporter	This script is Copyright (C) 2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/106687
title	AIX 7.1 TL 4 : aixbase (IJ02825)

Summary

Vulnerable Configurations

Nessus

References