Published: 13/02/2018 Updated: 03/10/2019

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 9.1 | Impact Score: 6 | Exploitability Score: 2.3

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm aix 7.2.2
ibm aix 7.1.3
ibm aix 7.1.1
ibm aix 6.1.5
ibm aix 6.1.7
ibm aix 6.1
ibm aix 6.1.1
ibm aix 6.1.2
ibm aix 6.1.3
ibm aix 7.2.1
ibm aix 7.2
ibm aix 7.1.5
ibm aix 7.1.4
ibm aix 6.1.9
ibm aix 7.1.2
ibm aix 7.1
ibm aix 6.1.4
ibm aix 6.1.6
ibm aix 6.1.8

If you haven't already killed Lotus Notes, IBM just gave you the perfect reason to do it now, fast

The Register • Richard Chirgwin • 12 Feb 2018

Also: Big Blue's Meltdown, Spectre status updated, and a mystery bug in AIX

IBM has warned that bugs in its Notes auto-updater mean the service can be tricked into running malicious code. In its advisory, IBM says the Notes Smart Updater service, which sees upgrades of Notes sent to users' desktops, “can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory.” Compromising an auto-updater is serious business: users trust them to bring in safe code, in this case new versions of Notes. Flaws in such a service are theref...

CVE-2018-1383

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect