Multiple IBM AIX Vulnerabilities

Vulnerabilities have been discovered in AIX’s X server and inet_network libc library that can lead to a number of threats. These include the execution of arbitrary code in a root context, Denial of Service, or exposure of sensitive data. The original IBM advisories are located at:

AIX X server multiple vulnerabilities

AIX libc inet_network buffer overflow

Novell Privilege Escalation, AIX Unspecified Vuln, Firefox Dialog Box

Novell ZENworks Endpoint Security Management (ESM) Security Client contains a vulnerability that could allow a local user to call cmd.exe thus giving them command line access and escalate privileges. The vulnerability is reported in version 3.5.  Administrators should upgrade to version 3.5.0.82.

An unspecified vulnerability has been reported in IBM AIX. Hardly any detail is available except that it occurs when the wrong path name is passed to the “trustchk_block_write()” function and prevents trusted files from being modified. This issue is reported in AIX 6.1 and administrators are urged to apply APAR IZ12119.

When Firefox creates an authentication dialog box it displays the actual source of the website at the end of the dialog text, where other browsers may create it at the beginning. This could lead to luring unsuspecting users to phishing websites and stealing authentication credentials. Mozilla has assigned this a security rating of low. Users should be vigilant about where they put their authentication credentials and make sure it’s to the proper website.