(IBM Issues Fix for IBM AIX pConsole) IBM AIX Default TLS Version Lets Remote Users Conduct Man-in-the-Middle Attacks to Obtain Potentially Sensitive Information on the Target System
|
SecurityTracker Alert ID: 1037396 |
SecurityTracker URL: http://securitytracker.com/id/1037396
|
CVE Reference:
CVE-2016-0266
|
Date: Dec 6 2016
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 6.1.9, 7.1.3, 7.1.4
|
Description:
A vulnerability was reported in IBM AIX. A remote user can obtain potentially sensitive information on the target system in certain cases.
The operating system does not require the newest version of TLS by default. A remote user that can conduct a man-in-the-middle attack can obtain potentially sensitive information communicated by the target system.
|
Impact:
A remote user that can conduct a man-in-the-middle attack can obtain potentially sensitive information communicated by the target system.
|
Solution:
IBM has issued a fix for CVE-2016-0266 for IBM AIX pConsole.
For 6.1.9: APAR IV89739
For 7.1.4: APAR IV89737
The IBM advisory is available at:
https://aix.software.ibm.com/aix/efixes/security/pconsole_advisory2.asc
|
Vendor URL: aix.software.ibm.com/aix/efixes/security/pconsole_advisory2.asc
|
Cause:
State error
|
Message History:
This archive entry is a follow-up to the message listed below.
|