IBM Support

IV28715: AIX FTP VULNERABILITY CVE-2012-4845 APPLIES TO AIX 6100-06

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • ftp client is allowed to read files that the user
    running ftp is not authorized to read. This can result in
    a non-root user have access to root only files.
    

Local fix

  • To prevent this, as root user run:
    # setsecattr -c innateprivs=-PV_DAC_R /usr/bin/ftp
    # setkst
    

Problem summary

  • Security issue with ftp.
    

Problem conclusion

  • Fix security issue with ftp.
    

Temporary fix

Comments

  • 6100-06 - use AIX APAR IV28715
    6100-07 - use AIX APAR IV23331
    6100-08 - use AIX APAR IV28651
    7100-00 - use AIX APAR IV28785
    7100-01 - use AIX APAR IV28787
    7100-02 - use AIX APAR IV30669
    

APAR Information

  • APAR number

    IV28715

  • Reported component name

    AIX 610 STD EDI

  • Reported component ID

    5765G6200

  • Reported release

    610

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2012-09-26

  • Closed date

    2012-09-26

  • Last modified date

    2013-11-23

  • APAR is sysrouted FROM one or more of the following:

    IV23331

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    AIX 610 STD EDI

  • Fixed component ID

    5765G6200

Applicable component levels

  • R610 PSY U854751

       UP13/03/22 I 1000

PTF to Fileset Mapping



Document information

More support for: AIX Enterprise Edition

Software version: 610

Operating system(s): AIX

Reference #: IV28715

Modified date: 23 November 2013