IBM SECURITY ADVISORY
First Issued: Tue Mar 18 10:46:14 CDT 2025
The most recent version of this document is available here:
https://aix.software.ibm.com/aix/efixes/security/nim_advisory.asc
Security Bulletin: AIX is vulnerable to arbitrary command execution
(CVE-2024-56346, CVE-2024-56347)
===============================================================================
SUMMARY:
Vulnerabilities in AIX could allow a remote attacker to execute arbitrary
commands (CVE-2024-56346, CVE-2024-56347).
===============================================================================
VULNERABILITY DETAILS:
CVEID: CVE-2024-56346
https://www.cve.org/CVERecord?id=CVE-2024-56346
DESCRIPTION: IBM AIX nimesis NIM master service could allow a remote
attacker to execute arbitrary commands due to improper process
controls.
CVSS Base Score: 10
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2024-56347
https://www.cve.org/CVERecord?id=CVE-2024-56347
DESCRIPTION: IBM AIX nimsh service SSL/TLS protection mechanisms could
allow a remote attacker to execute arbitrary commands due to
improper process controls.
CVSS Base Score: 9.6
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
AFFECTED PRODUCTS AND VERSIONS:
AIX 7.2, 7.3
VIOS 3.1, 4.1
The vulnerabilities in the following filesets are being addressed:
key_fileset = aix
Fileset Lower Level Upper Level KEY
---------------------------------------------------------
bos.sysmgt.nim.client 7.2.5.0 7.2.5.203 key_w_fs
bos.sysmgt.nim.master 7.2.5.0 7.2.5.204 key_w_fs
bos.sysmgt.sysbr 7.2.5.0 7.2.5.203 key_w_fs
bos.sysmgt.nim.client 7.3.1.0 7.3.1.3 key_w_fs
bos.sysmgt.nim.master 7.3.1.0 7.3.1.3 key_w_fs
bos.sysmgt.sysbr 7.3.1.0 7.3.1.3 key_w_fs
bos.sysmgt.nim.client 7.3.2.0 7.3.2.2 key_w_fs
bos.sysmgt.nim.master 7.3.2.0 7.3.2.2 key_w_fs
bos.sysmgt.sysbr 7.3.2.0 7.3.2.2 key_w_fs
bos.sysmgt.nim.client 7.3.3.0 7.3.3.0 key_w_fs
bos.sysmgt.nim.master 7.3.3.0 7.3.3.0 key_w_fs
bos.sysmgt.sysbr 7.3.3.0 7.3.3.0 key_w_fs
To find out whether the affected filesets are installed
on your systems, refer to the lslpp command found in AIX user's guide.
Example: lslpp -L | grep -i bos.sysmgt.nim.client
REMEDIATION:
A. APARS
IBM has assigned the following APARs to this problem:
AIX Level APAR Availability SP KEY
-----------------------------------------------------
7.2.5 IJ53757 ** SP10 key_w_apar
7.3.1 IJ53929 ** N/A key_w_apar
7.3.2 IJ53923 ** SP04 key_w_apar
7.3.3 IJ53792 ** SP01 key_w_apar
VIOS Level APAR Availability SP KEY
-----------------------------------------------------
3.1.4 IJ53757 ** 3.1.4.60 key_w_apar
4.1.0 IJ53923 ** 4.1.0.40 key_w_apar
4.1.1 IJ53792 ** 4.1.1.10 key_w_apar
Subscribe to the APARs here:
https://www.ibm.com/support/pages/apar/[APAR Number]
By subscribing, you will receive periodic email alerting you
to the status of the APAR, and a link to download the fix once
it becomes available.
B. FIXES
IBM strongly recommends addressing the vulnerability now.
AIX and VIOS fixes are available.
The AIX and VIOS fixes can be downloaded via https from:
https://aix.software.ibm.com/aix/efixes/security/nim_fix.tar
The link above is to a tar file containing this signed
advisory, fix packages, and OpenSSL signatures for each package.
The fixes below include prerequisite checking. This will
enforce the correct mapping between the fixes and AIX
Technology Levels.
NOTE: To help with enabling the fix, a README file is provided
in the tar file.
For NIM client:
AIX Level Interim Fix (*.Z) KEY PRODUCT(S)
---------------------------------------------------------
7.2.5.7 IJ53757m7a.250317.epkg.Z key_w_fix nimclient
7.2.5.8 IJ53757m8a.250318.epkg.Z key_w_fix nimclient
7.2.5.9 IJ53757m9a.250317.epkg.Z key_w_fix nimclient
7.3.1.3 IJ53929m3a.250317.epkg.Z key_w_fix nimclient
7.3.1.4 IJ53929m4a.250317.epkg.Z key_w_fix nimclient
7.3.2.1 IJ53923m1a.250317.epkg.Z key_w_fix nimclient
7.3.2.2 IJ53923m2a.250317.epkg.Z key_w_fix nimclient
7.3.2.3 IJ53923m3a.250317.epkg.Z key_w_fix nimclient
7.3.3.0 IJ53792m0a.250317.epkg.Z key_w_fix nimclient
Please note that the above table refers to AIX TL/SP level as
opposed to fileset level, i.e., 7.2.5.8 is AIX 7200-05-08.
Please reference the Affected Products and Version section above
for help with checking installed fileset levels.
VIOS Level Interim Fix (*.Z) KEY PRODUCT(S)
----------------------------------------------------------
3.1.4.31 IJ53757m7a.250317.epkg.Z key_w_fix nimclient
3.1.4.41 IJ53757m8a.250318.epkg.Z key_w_fix nimclient
3.1.4.50 IJ53757m9a.250317.epkg.Z key_w_fix nimclient
4.1.0.10 IJ53923m1a.250317.epkg.Z key_w_fix nimclient
4.1.0.21 IJ53923m2a.250317.epkg.Z key_w_fix nimclient
4.1.0.30 IJ53923m3a.250317.epkg.Z key_w_fix nimclient
4.1.1.0 IJ53792m0a.250317.epkg.Z key_w_fix nimclient
For NIM master:
AIX Level Interim Fix (*.Z) KEY PRODUCT(S)
---------------------------------------------------------
7.2.5.7 IJ53757m7b.250317.epkg.Z key_w_fix nimmaster
7.2.5.8 IJ53757m8b.250318.epkg.Z key_w_fix nimmaster
7.2.5.9 IJ53757m9b.250317.epkg.Z key_w_fix nimmaster
7.3.1.3 IJ53929m3b.250317.epkg.Z key_w_fix nimmaster
7.3.1.4 IJ53929m4b.250317.epkg.Z key_w_fix nimmaster
7.3.2.1 IJ53923m1b.250317.epkg.Z key_w_fix nimmaster
7.3.2.2 IJ53923m2b.250317.epkg.Z key_w_fix nimmaster
7.3.2.3 IJ53923m3b.250317.epkg.Z key_w_fix nimmaster
7.3.3.0 IJ53792m0b.250317.epkg.Z key_w_fix nimmaster
Please note that the above table refers to AIX TL/SP level as
opposed to fileset level, i.e., 7.2.5.8 is AIX 7200-05-08.
Please reference the Affected Products and Version section above
for help with checking installed fileset levels.
VIOS Level Interim Fix (*.Z) KEY PRODUCT(S)
----------------------------------------------------------
3.1.4.31 IJ53757m7b.250317.epkg.Z key_w_fix nimmaster
3.1.4.41 IJ53757m8b.250318.epkg.Z key_w_fix nimmaster
3.1.4.50 IJ53757m9b.250317.epkg.Z key_w_fix nimmaster
4.1.0.10 IJ53923m1b.250317.epkg.Z key_w_fix nimmaster
4.1.0.21 IJ53923m2b.250317.epkg.Z key_w_fix nimmaster
4.1.0.30 IJ53923m3b.250317.epkg.Z key_w_fix nimmaster
4.1.1.0 IJ53792m0b.250317.epkg.Z key_w_fix nimmaster
To extract the fixes from the tar file:
tar xvf nim_fix.tar
cd nim_fix
Verify you have retrieved the fixes intact:
The checksums below were generated using the
"openssl dgst -sha256 [filename]" command as the following:
openssl dgst -sha256 filename KEY
-----------------------------------------------------------------------------------------------------
981fb3c8212ee58b0a40f94e07752624552aee5965f5a5f68fc0b39fe102e718 IJ53757m7a.250317.epkg.Z key_w_csum
12da75de45f5352ccfc2c0d733cabb36f404fd228d86cd967571b11c4d1ba5b2 IJ53757m7b.250317.epkg.Z key_w_csum
28d830d9af7788b15146bfd17b18fdafa5a1f65e2ec41ffadc11430b602e5ff5 IJ53757m8a.250318.epkg.Z key_w_csum
9fbf12562eae9ff559d2ff4fae88120e9af8c842692f6954a7b024ddac31fafd IJ53757m8b.250318.epkg.Z key_w_csum
7adbdd2791681b436e99085b39805b9aaeccf8617fdaa9033aaa79951d9aa10c IJ53757m9a.250317.epkg.Z key_w_csum
db4490ffd919679f9d7dd42897d00444b7e185c4a535967c6f422f3091c63cb5 IJ53757m9b.250317.epkg.Z key_w_csum
6753ce691468303cc593613695e14611ccd1ad437d5720e57587a4e09ec26555 IJ53792m0a.250317.epkg.Z key_w_csum
39b64c4ee66ef11a983db7fa3b251089a156f9432345680a03b07732a33888e8 IJ53792m0b.250317.epkg.Z key_w_csum
2e2fb65adba3557e4854d8c220e47af3f7e3a3c29044045d5ca63c4de52491d0 IJ53923m1a.250317.epkg.Z key_w_csum
a9a52f621ca9e2f5a00fe96bb56baafaa4ea957c2e1c328f50cfb3000a14b659 IJ53923m1b.250317.epkg.Z key_w_csum
dc442e041eb7dd6e83e0b541afcf976e81f31bc573e565e21c1973e0fae31119 IJ53923m2a.250317.epkg.Z key_w_csum
7d6aeb0e1225b3da9cc95c213d4b0a99ad1d47532ceb8ebe7b4effe42b4152aa IJ53923m2b.250317.epkg.Z key_w_csum
d25afdfcd43a4749b7486d23b862316ddb240af55f13c44821a9fab388abc499 IJ53923m3a.250317.epkg.Z key_w_csum
72d23a3c4d2ccfddfd3809fd1de9b7ec0a1bca7d90f1ab53356da01adfa47d0e IJ53923m3b.250317.epkg.Z key_w_csum
8231a086c99dfaf74dd6353f44a0af823858094c549771ac0fff4e9f4d0e6319 IJ53929m3a.250317.epkg.Z key_w_csum
166c6dc240fbee834d44b4090da53ca5b8839f297f5b225d0298f560b023062e IJ53929m3b.250317.epkg.Z key_w_csum
cfa77b3693bac59de04854370c9902ce90ca6dab0f544a85ad31a8b9c98299d7 IJ53929m4a.250317.epkg.Z key_w_csum
d157b7069a0c7365957777adbe19bcc079fd5021c5ea76a7ffb77dde8b8cbccb IJ53929m4b.250317.epkg.Z key_w_csum
These sums should match exactly. The OpenSSL signatures in the tar
file and on this advisory can also be used to verify the
integrity of the fixes. If the sums or signatures cannot be
confirmed, contact IBM Support at
http://ibm.com/support/ and describe the discrepancy.
openssl dgst -sha256 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]
openssl dgst -sha256 -verify [pubkey_file] -signature [ifix_file].sig [ifix_file]
Published advisory OpenSSL signature file location:
https://aix.software.ibm.com/aix/efixes/security/nim_advisory.asc.sig
C. FIX AND INTERIM FIX INSTALLATION
NOTE: To help with enabling the fix, a README file is provided
in the tar file.
If possible, it is recommended that a mksysb backup of the system
be created. Verify it is both bootable and readable before
proceeding.
To preview a fix installation:
installp -a -d fix_name -p all # where fix_name is the name of the
# fix package being previewed.
To install a fix package:
installp -a -d fix_name -X all # where fix_name is the name of the
# fix package being installed.
Interim fixes have had limited functional and regression
testing but not the full regression testing that takes place
for Service Packs; however, IBM does fully support them.
Interim fix management documentation can be found at:
https://www.ibm.com/support/pages/managing-interim-fixes-aix
To preview an interim fix installation:
emgr -e ipkg_name -p # where ipkg_name is the name of the
# interim fix package being previewed.
To install an interim fix package:
emgr -e ipkg_name -X # where ipkg_name is the name of the
# interim fix package being installed.
WORKAROUNDS AND MITIGATIONS:
None.
===============================================================================
CONTACT US:
Note: Keywords labeled as KEY in this document are used for parsing
purposes.
If you would like to receive AIX Security Advisories via email,
please visit "My Notifications":
http://www.ibm.com/support/mynotifications
Contact IBM Support for questions related to this announcement:
https://ibm.com/support/
For information on how to securely verify AIX security bulletins and fixes:
https://www.ibm.com/support/pages/node/6985269
To obtain the OpenSSL public key that can be used to verify the
signed advisories and ifixes:
Download the key from our web page:
https://aix.software.ibm.com/aix/efixes/security/systems_p_os_aix_security_pubkey.txt
To verify the AIX/VIOS security bulletin:
Published advisory OpenSSL signature file location:
https://aix.software.ibm.com/aix/efixes/security/nim_advisory.asc.sig
openssl dgst -sha256 -verify [pubkey_file] -signature [advisory_file].sig [advisory_file]
Please contact your local IBM AIX support center for any
assistance.
REFERENCES:
Complete CVSS v3 Guide: http://www.first.org/cvss/user-guide
On-line Calculator v3:
http://www.first.org/cvss/calculator/3.0
RELATED INFORMATION:
IBM Secure Engineering Web Portal
http://www.ibm.com/security/secure-engineering/bulletins.html
IBM Product Security Incident Response Blog
https://www.ibm.com/blogs/psirt/
Security Bulletin: AIX is vulnerable to arbitrary command execution
(CVE-2024-56346, CVE-2024-56347)
https://www.ibm.com/support/pages/node/7186621
ACKNOWLEDGEMENTS:
The vulnerabilities were reported to IBM by Oneconsult AG
(https://oneconsult.com/), Jan Alsenz.
CHANGE HISTORY:
First Issued: Tue Mar 18 10:46:14 CDT 2025
===============================================================================
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.