IBM Support

IV28785: AIX FTP VULNERABILITY CVE-2012-4845 APPLIES TO AIX 7100-00

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • ftp client is allowed to read files that the user
    running ftp is not authorized to read. This can result in
    a non-root user have access to root only files.
    

Local fix

  • To prevent this, as root user run:
    # setsecattr -c innateprivs=-PV_DAC_R /usr/bin/ftp
    # setkst
    

Problem summary

  • Security issue with ftp.
    

Problem conclusion

  • Fix security issue with ftp.
    

Temporary fix

Comments

  • 6100-06 - use AIX APAR IV28715
    6100-07 - use AIX APAR IV23331
    6100-08 - use AIX APAR IV28651
    7100-00 - use AIX APAR IV28785
    7100-01 - use AIX APAR IV28787
    7100-02 - use AIX APAR IV30669
    

APAR Information

  • APAR number

    IV28785

  • Reported component name

    AIX V7.1

  • Reported component ID

    5765H4000

  • Reported release

    710

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2012-09-26

  • Closed date

    2012-09-26

  • Last modified date

    2013-11-23

  • APAR is sysrouted FROM one or more of the following:

    IV23331

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    AIX V7.1

  • Fixed component ID

    5765H4000

Applicable component levels

  • R710 PSY U854839

       UP13/04/25 I 1000

PTF to Fileset Mapping



Document information

More support for: AIX Enterprise Edition

Software version: 710

Operating system(s): AIX

Reference #: IV28785

Modified date: 23 November 2013