CA Technologies support is alerting customers about a medium risk vulnerability that may allow a local attacker to gain additional privileges with products using CA Common Services running on the AIX, HP-UX, Linux, and Solaris platforms. The vulnerability, CVE-2016-9795, occurs due to insufficient validation by the casrvc program. A local unprivileged user can exploit the vulnerability to modify arbitrary files, which can potentially allow a local attacker to gain root level access.
fc6c18b1ab288c81928a10a9339d929938fcd7120518c622254694d974c59667IBM AIX versions 6.1, 7.1, and 7.2 suffer from a Bellmail privilege escalation vulnerability.
577087b11048468d456a5ce063092a8f85bcb6d7399a0d04a31068c2aecaf02aThis exploit takes advantage of known issues with debugging functions within the AIX linker library. It takes advantage of known functionality, and focuses on badly coded SUID binaries which do not adhere to proper security checks prior to seteuid/open/writes.
d21d10df2cfdef2edda230cf874c57b4ad9963ec7cc4c0c55f438103a6d3725cAIX versions 6.1, 7.1, and 7.2.0.2 lsmcode local root exploit.
bf3e83aa09cc8aa3291c39d62e561c7bce0ae117171ff19a6b828b29da6e7d8dSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
fb8d8d08d34957a211fe5bca2caee3dced915d053c525c4ae3a021e3b9685b95Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
921a4d32c511ba5b757fa4342ddbbd83dc250134c8d5562ce4500ce5b60fd456Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
5d0b57d29a32f76c996cc91d4b94ab498c193d6711fdde7eea60752b695f004fSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
5674e9a94fd929ae2cf7a99442b66a0fd91e5d4b0454a1924466b2d9ab2bb770Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
9c451054d240e594fbc81ca20259fac9c5d3c667142311f0e65886c13fd7ccfbSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
df89e7ea7a17f1780471f80301509d0d6b58ba860c06abe0f0415d332c3c0343Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
b16eaed1f29c3e383214f3804adce7b21d4bb13db5a0dfba3fd719b3544cf305IBM AIX High Availability Cluster Multiprocessing (HACMP) suffers from a local privilege escalation vulnerability that results in root privileges.
3ac694d8bab5e91c89a1a22c19c92ca256b437e1c481b03c02500c457e4526a0HP Security Bulletin HPSBGN03395 1 - A potential security vulnerability has been identified with HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.
d4943331c6e9bd04dfbd5d772d43f3cfb604cd0b207c5e286fdb599dbf4649c0HP Security Bulletin HPSBGN03395 1 - A potential security vulnerability has been identified with HP KeyView running on HP-UX, Linux, Solaris, Windows, FreeBSD, and AIX. The vulnerability could be exploited remotely to allow execution of code. Revision 1 of this advisory.
d4943331c6e9bd04dfbd5d772d43f3cfb604cd0b207c5e286fdb599dbf4649c0Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
bc329a3900261524fdfbdfc4a69ee44f1cf3580bf83e1fd4966f829e0a755df5Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
5fdffa66da29cf0b4aa08bf49a0f9a5ca5997b4ca7d01d4ea82bdb57449ae17dSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
2b99cc85368d0e7ec41fc78a638e2478164f14d0c78d0adf6d917da358ade161Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
cb45c5189b47e0f9d97bd9f565d89125a13b55a0c8e3c774fdf71d8e9345599aSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
bc02f3202d523737697840ab82b5fdafbf74b5a2901e2a56a23422ccab890b33Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
243bc3d66cb43809d3685535695f0580c2671a484dd3d058f7581b881658042fIBM AIX versions 6.1 and 7.1 suffer from a runtime linker privilege escalation vulnerability.
41ebbb62efa48c6f09b8c1ccff28a5091823df1aa4e13fe9da1b842e17ab27acIBM AIX versions 6.1.8 and later suffer from a local privilege escalation vulnerability in libodm due to an arbitrary file write.
97e4f4df7a7a9611b4f08f9d707eb25d8be03e3dd8f09107da7a1f9b730f813cIBM AIX versions 5.3, 6.1 and 7.1 releases VIOS 2.2.* suffer from kernel memory leak and denial of service vulnerabilities. It has been identified that the ptrace() system call can be manipulated by an unprivileged user into leaking uninitialized kernel memory and that the method by which this is achieved may also lead to a denial of service condition. This can be achieved by manipulating the parameters that are passed to the ptrace() system call when performing the PT_LDINFO operation. By calling ptrace(PT_LDINFO, childpid, leakbuffer, maximumleak, NULL) with a value of maximumleak that greater than that required for the expected result of the PT_LDINFO operation, the AIX kernel will xmalloc() this space (without initializing it), populate it and then perform a copy operation that returns the result within leakbuffer.
326046758c80dfd7a90603cb6033621d1db225d4cc2532b1585420f2b0419948Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
bc05220b79733fde3e2530f9f875d76f718f74fa291cda8d7c6554de89ac4814It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) have been compiled in manner that means they searched for libraries in insecure locations. Version 3.9.00 of BMC Patrol for AIX is affected.
d7bb7e62af377661d9e0fc40ac344b19949122236037b9511fb75a879d085add
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed