#VU6668 Security restrictions bypass in IBM AIX - CVE-2017-3509

Cybersecurity Help s.r.o.

Published: 2017-05-24 | Updated: 2018-11-22

Vulnerability identifier: #VU6668

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-3509

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM AIX
Operating systems & Components / Operating system

Vendor: IBM Corporation

Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information on the target system.

The weakness exists due to unknown error. A remote attacker can read and modify arbitrary files.

Mitigation
Install update from vendor's website.

Vulnerable software versions

IBM AIX: 5.3 - 7.2

External links
https://aix.software.ibm.com/aix/efixes/security/java_apr2017_advisory.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat update for java-1.8.0-ibm

Multiple vulnerabilities in IBM Cognos Controller

Gentoo update for IcedTea

Multiple vulnerabilities in IBM AIX

OpenSUSE Linux update for java-1

SUSE Linux update for java-1_6_0-ibm

SUSE Linux update for java-1

openSUSE update for java-1_7_0-openjdk

SUSE Linux update for java-1_7_0-openjdk

SUSE Linux update for java-1_8_0-ibm