IBM SECURITY ADVISORY First Issued: Fri Nov 11 15:00:00 CST 2011 | Updated: Mon Nov 14 10:29:54 CST 2011 | Added CVE Number | Added CVSS Section | Added REFERENCES Section | Updated: Mon Nov 14 16:08:42 CST 2011 | Clarified AIX Level to be specific under FIXES | Updated: Fri Nov 18 10:19:21 CST 2011 | Added IFix for AIX Level 6.1.6.15 | Updated: Thu Dec 12 12:55:11 CST 2013 | Update: 1. Added KEYs for parsing purposes | 2. Moved to OpenSSL signature The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/wpar_advisory.asc ftp://aix.software.ibm.com/aix/efixes/security/wpar_advisory.asc =============================================================================== VULNERABILITY SUMMARY VULNERABILITY: AIX WPAR specific system call vulnerability PLATFORMS: AIX 6.1 and 7.1 releases SOLUTION: Apply the fix as described below. THREAT: An attacker may cause a denial of service CVE Number: CVE-2011-1375 CVSS=4.9 Reboot required? YES Workarounds? NO Protected by FPM? NO Protected by SED? NO =============================================================================== DETAILED INFORMATION I. DESCRIPTION Some WPAR specific system calls may cause undefined behavior, possibly resulting in a denial of service. II. CVSS CVSS Base Score: 4.9 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/71211 for the current score CVSS Environmental Score*: Undefined CVSS String: (AV:L/AC:L/Au:N/C:N/I:N/A:C) III. PLATFORM VULNERABILITY ASSESSMENT To determine if your system is vulnerable, execute the following command: lslpp -L bos.mp64 The following fileset levels are vulnerable: AIX Fileset Lower Level Upper Level KEY ---------------------------------------------------------- bos.mp64 6.1.5.0 6.1.5.8 key_w_fs bos.mp64 6.1.6.0 6.1.6.16 key_w_fs bos.mp64 6.1.7.0 6.1.7.1 key_w_fs bos.mp64 7.1.0.0 7.1.0.15 key_w_fs bos.mp64 7.1.1.0 7.1.1.0 key_w_fs IV. SOLUTIONS A. APARS IBM has assigned the following APARs to this problem: AIX Level APAR number Availability KEY --------------------------------------------------------------- 6.1.5 IV10229 TBD sp8 key_w_apar 6.1.6 IV10226 TBD sp7 key_w_apar 6.1.7 IV08468 TBD sp2 key_w_apar 7.1.0 IV10227 TBD sp5 key_w_apar 7.1.1 IV08320 TBD sp2 key_w_apar Subscribe to the APARs here: http://www.ibm.com/support/docview.wss?uid=isg1IV10229 http://www.ibm.com/support/docview.wss?uid=isg1IV10226 http://www.ibm.com/support/docview.wss?uid=isg1IV08468 http://www.ibm.com/support/docview.wss?uid=isg1IV10227 http://www.ibm.com/support/docview.wss?uid=isg1IV08320 By subscribing, you will receive periodic email alerting you to the status of the APAR, and a link to download the fix once it becomes available. B. FIXES Fixes are available. The fixes can be downloaded via ftp from: ftp://aix.software.ibm.com/aix/efixes/security/wpar_fix.tar The link above is to a tar file containing this signed advisory, fix packages, and OpenSSL signatures for each package. The fixes below include prerequisite checking. This will enforce the correct mapping between the fixes and AIX Technology Levels. AIX Level Interim Fix (*.Z) KEY ------------------------------------------------------------------- 6.1.5.8 IV10229s07.111109.epkg.Z key_w_fix 6.1.6.15 IV10226s05.111117.epkg.Z key_w_fix 6.1.6.16 IV10226s06.111109.epkg.Z key_w_fix 6.1.7.0 IV08468s00.111107.epkg.Z key_w_fix 6.1.7.1 IV08468s01.111109.epkg.Z key_w_fix 7.1.0.1 IV10227s02.111109.epkg.Z key_w_fix 7.1.0.15 IV10227s03.111109.epkg.Z key_w_fix 7.1.1.0 IV08320s00.111107.epkg.Z key_w_fix To extract the fixes from the tar file: tar xvf wpar_fix.tar cd wpar_fix Verify you have retrieved the fixes intact: The checksums below were generated using the "sum", "cksum", "csum -h MD5" (md5sum), and "csum -h SHA1" (sha1sum) commands and are as follows: sum filename ------------------------------------ 36468 8375 IV08320s00.111107.epkg.Z 40761 8244 IV08468s00.111107.epkg.Z 26052 8244 IV08468s01.111109.epkg.Z 07520 8153 IV10226s05.111117.epkg.Z 40540 8168 IV10226s06.111109.epkg.Z 16870 8179 IV10227s02.111109.epkg.Z 15814 8219 IV10227s03.111109.epkg.Z 46414 7846 IV10229s07.111109.epkg.Z cksum filename ------------------------------------------- 1466846007 8575983 IV08320s00.111107.epkg.Z 2246679030 8440873 IV08468s00.111107.epkg.Z 3001491860 8441041 IV08468s01.111109.epkg.Z 2484617540 8348399 IV10226s05.111117.epkg.Z 4194372720 8363838 IV10226s06.111109.epkg.Z 3450486203 8374286 IV10227s02.111109.epkg.Z 483041126 8416099 IV10227s03.111109.epkg.Z 2358062865 8033673 IV10229s07.111109.epkg.Z csum -h MD5 (md5sum) filename ---------------------------------------------------------- adf48d45d09097e8c767ae86d5de7215 IV08320s00.111107.epkg.Z cf20f273ba3369b9f9a69b50e83bffd9 IV08468s00.111107.epkg.Z e11bf51c84dedfabc766fe8879b6c84f IV08468s01.111109.epkg.Z 13356d1b2a12d703405bf4d08ab0bf34 IV10226s05.111117.epkg.Z b5b58c3ca7ca4aebb1d4bce7d8f320fb IV10226s06.111109.epkg.Z c957233ba375ae9ae49355d92aeb5569 IV10227s02.111109.epkg.Z fc2a3ef04156af346289ca6ba8f6ebe4 IV10227s03.111109.epkg.Z de5fcc2459dc4f325675755143249623 IV10229s07.111109.epkg.Z csum -h SHA1 (sha1sum) filename ------------------------------------------------------------------ 12ac5035a2ef80cfe0b01e3d1c6517874fe5b615 IV08320s00.111107.epkg.Z 24c408426df8389ff4451c634ffb9c9d7f63216b IV08468s00.111107.epkg.Z 458a8b455dda831af2e22b54c0b4a54cb35ee0d2 IV08468s01.111109.epkg.Z 553c7878fb97fdb658b6e47b7add9e8f18577998 IV10226s05.111117.epkg.Z cefd135acdc1adbaa46ab14457834bcb364d1d48 IV10226s06.111109.epkg.Z 16d823272a3952a752cd837ced5cb2b8db56b84d IV10227s02.111109.epkg.Z 3fc2fa2fdff5fc8a9d4b57f0c4b3f245d42184e2 IV10227s03.111109.epkg.Z 1bfdbf3b22885e3d3a86d2d5feda6dc2b733abd6 IV10229s07.111109.epkg.Z To verify the sums, use the text of this advisory as input to csum, md5sum, or sha1sum. For example: csum -h SHA1 -i Advisory.asc md5sum -c Advisory.asc sha1sum -c Advisory.asc These sums should match exactly. The OpenSSL signatures in the tar file and on this advisory can also be used to verify the integrity of the fixes. If the sums or signatures cannot be confirmed, contact IBM AIX Security at security-alert@austin.ibm.com and describe the discrepancy. openssl dgst -sha1 -verify AIX_PSIRT_pub.asc -signature file.asc.sig file.asc C. FIX AND INTERIM FIX INSTALLATION IMPORTANT: If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding. To preview a fix installation: installp -a -d fix_name -p all # where fix_name is the name of the # fix package being previewed. To install a fix package: installp -a -d fix_name -X all # where fix_name is the name of the # fix package being installed. Interim fixes have had limited functional and regression testing but not the full regression testing that takes place for Service Packs; thus, IBM does not warrant the fully correct functionality of an interim fix. Interim fix management documentation can be found at: http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html To preview an interim fix installation: emgr -e ipkg_name -p # where ipkg_name is the name of the # interim fix package being previewed. To install an interim fix package: emgr -e ipkg_name -X # where ipkg_name is the name of the # interim fix package being installed. V. WORKAROUNDS There are no workarounds. VI. OBTAINING FIXES AIX security fixes can be downloaded from: ftp://aix.software.ibm.com/aix/efixes/security AIX fixes can be downloaded from: http://www.ibm.com/eserver/support/fixes/fixcentral/main/pseries/aix NOTE: Affected customers are urged to upgrade to the latest applicable Technology Level and Service Pack. VII. CONTACT INFORMATION If you would like to receive AIX Security Advisories via email, please visit: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd Comments regarding the content of this announcement can be directed to: security-alert@austin.ibm.com To obtain the OpenSSL public key that can be used to verify the signed advisories and ifixes: Download the key from our web page: http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt To request the PGP public key that can be used to communicate securely with the AIX Security Team you can either: A. Send an email with "get key" in the subject line to: security-alert@austin.ibm.com B. Download the key from a PGP Public Key Server. The key ID is: 0x28BFAA12 Please contact your local IBM AIX support center for any assistance. eServer is a trademark of International Business Machines Corporation. IBM, AIX and pSeries are registered trademarks of International Business Machines Corporation. All other trademarks are property of their respective holders. VIII. ACKNOWLEDGMENTS IBM discovered and fixed this vulnerability as part of its commitment to secure the AIX operating system. IX. REFERENCES: Note: Keywords labeled as KEY in this document are used for parsing purposes. Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2 X-Force Vulnerability Database: http://xforce.iss.net/xforce/xfdb/71211 CVE-2011-1375: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1375