IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394.

CVE-2022-22350: IBM X-Force Exchange

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076.

**Security Bulletin**

  

**Summary**

There are multiple vulnerabilities in AIX CAA.

**Vulnerability Details**

**Affected Products and Versions**

Affected Product(s)

Version(s)

AIX

7.1

AIX

7.2

AIX

7.3

VIOS

3.1

The vulnerabilities in the following filesets are being addressed:

Fileset

Lower Level

Upper Level

bos.cluster.rte

7.1.5.0

7.1.5.38

bos.cluster.rte

7.2.4.0

7.2.4.4

bos.cluster.rte

7.2.5.0

7.2.5.1

bos.cluster.rte

7.2.5.100

7.2.5.101

bos.cluster.rte

7.3.0.0

7.3.0.0

To find out whether the affected filesets are installed on your systems, refer to the lslpp command found in AIX user's guide.

Example:  lslpp -L | grep -i bos.cluster.rte

  

**Remediation/Fixes**

**A. APARS**

IBM has assigned the following APARs to this problem:

AIX Level

APAR

SP

7.1.5

IJ37355

SP10

7.2.4

IJ37496

SP06

7.2.5

IJ36682

SP04

7.3.0

IJ36596

SP02

 

VIOS Level

APAR

SP

3.1.1

IJ37496

3.1.1.60

3.1.2

IJ37512

3.1.2.40

3.1.3

IJ36682

3.1.3.20

Subscribe to the APARs here:

By subscribing, you will receive periodic email alerting you to the status of the APAR, and a link to download the fix once it becomes available.

**B. FIXES**

AIX and VIOS fixes are available.

An LPAR system reboot is required to complete the iFix installation, or Live Update may be used on AIX 7.2 and 7.3 to avoid a reboot.

The AIX and VIOS fixes can be downloaded via ftp or http from:

The link above is to a tar file containing this signed advisory, fix packages, and OpenSSL signatures for each package. The fixes below include prerequisite checking. This will enforce the correct mapping between the fixes and AIX Technology Levels.

AIX Level

Interim Fix

7.1.5.7

IJ37355s7a.220228.epkg.Z

7.1.5.8

IJ37355s8a.220228.epkg.Z

7.1.5.9

IJ37355s9a.220228.epkg.Z

7.1.5.9

IJ37355s9b.220228.epkg.Z

7.2.4.3

IJ37496s3a.220228.epkg.Z

7.2.4.4

IJ37496s4a.220228.epkg.Z

7.2.4.5

IJ37496s5a.220228.epkg.Z

7.2.5.1

IJ37512s1a.220228.epkg.Z

7.2.5.2

IJ37512s2a.220228.epkg.Z

7.2.5.3

IJ36682s3a.220228.epkg.Z

7.2.5.3

IJ36682s3b.220228.epkg.Z

7.3.0.1

IJ36596s1a.220228.epkg.Z

Please note that the above table refers to AIX TL/SP level as opposed to fileset level, i.e., 7.2.5.2 is AIX 7200-05-02.

NOTE:  Multiple iFixes are provided for AIX 7100-05-09 and 7200-05-03.

IJ37355s9a is for AIX 7100-05-09 with bos.cluster.rte fileset level 7.1.5.38.

IJ37355s9b is for AIX 7100-05-09 with bos.cluster.rte fileset level 7.1.5.37.

IJ36682s3a is for AIX 7200-05-03 with bos.cluster.rte fileset level 7.2.5.101.

IJ36682s3b is for AIX 7200-05-03 with bos.cluster.rte fileset level 7.2.5.100.

Please reference the Affected Products and Version section above for help with checking installed fileset levels.

VIOS Level

Interim Fix

3.1.1.30

IJ37496s3a.220228.epkg.Z

3.1.1.40

IJ37496s4a.220228.epkg.Z

3.1.1.50

IJ37496s5a.220228.epkg.Z

3.1.2.10

IJ37512s1a.220228.epkg.Z

3.1.2.21

IJ37512s2a.220228.epkg.Z

3.1.3.10

IJ36682s3b.220228.epkg.Z

3.1.3.14

IJ36682s3a.220228.epkg.Z

To extract the fixes from the tar file:

tar xvf caa\_fix2.tar

cd caa\_fix2

Verify you have retrieved the fixes intact:

The checksums below were generated using the "openssl dgst -sha256 \[filename\]" command as the following:

openssl dgst -sha256

filename

6e45651c382f9915771c9714b994d26a783a8caecb8e3c8b3350d981aee7349b

IJ36596s1a.220228.epkg.Z

88a2f0bcc4b7676eab0db362fd885d360ad3a38104edbe7bed1e4c79a56be30d

IJ36682s3a.220228.epkg.Z

a81847ca47786818db8dce79f4a982c285815f561e2c9e8630840c229a27d381

IJ36682s3b.220228.epkg.Z

b4efa8234dc00c91148c75ec25e1c5fd3cd96ec691131ece6e458e5c33591335

IJ37355s7a.220228.epkg.Z

e141352471d842585e176bfb3ccc27289620b63de96478cca7688f4851841023

IJ37355s8a.220228.epkg.Z

9440584798abfa576e4e90287847f22cc9019281a213f1d289df330e75e77b56

IJ37355s9a.220228.epkg.Z

4d77a4e7fd8cd356deda29d6ff9a5996912ebd22e0898ede34725220d8df2577

IJ37355s9b.220228.epkg.Z

991ac1e17a4dd3b20feb44162b3f04a9dcda8cb2acce398e09c520b5871ccff3

IJ37496s3a.220228.epkg.Z

a0a24034a8a2fc3f2fa4ed8e5b05da045587300708812fe5c796a41b87b8e855

IJ37496s4a.220228.epkg.Z

2f74bee159291cec6944f8b522dbbf086f01b65a30da76595773b5851008c0ba

IJ37496s5a.220228.epkg.Z

95086a37dbf91e218f145c172cf2ca39029dfbecb00f072d4a36887f91536551

IJ37512s1a.220228.epkg.Z

9e2ecbbe30354bdd275679ac9e22ec7ca0dfb8a87cbe73f46767422b90206afd

IJ37512s2a.220228.epkg.Z

These sums should match exactly. The OpenSSL signatures in the tar file and on this advisory can also be used to verify the integrity of the fixes.  If the sums or signatures cannot be confirmed, contact IBM Support at http://ibm.com/support/ and describe the discrepancy.         

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[advisory\_file\].sig \[advisory\_file\]

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[ifix\_file\].sig \[ifix\_file\]

Published advisory OpenSSL signature file location:

**C. FIX AND INTERIM FIX INSTALLATION**

An LPAR system reboot is required to complete the iFix installation, or Live Update may be used on AIX 7.2 and 7.3 to avoid a reboot.

If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.

To preview a fix installation:

installp -a -d fix\_name -p all  # where fix\_name is the name of the

                                            # fix package being previewed.

To install a fix package:

installp -a -d fix\_name -X all  # where fix\_name is the name of the

                                            # fix package being installed.

Interim fixes have had limited functional and regression testing but not the full regression testing that takes place for Service Packs; however, IBM does fully support them.

Interim fix management documentation can be found at:

To preview an interim fix installation:

emgr -e ipkg\_name -p         # where ipkg\_name is the name of the

                                         # interim fix package being previewed.

To install an interim fix package:

emgr -e ipkg\_name -X         # where ipkg\_name is the name of the

                                         # interim fix package being installed.

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

01 Mar 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU048","label":"Systems w\\/TPS"},"Product":{"code":"SSSMHJ","label":"PowerVM Virtual I\\/O Server"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"3.1","Edition":""},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"7.1,7.2,7.3","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}\]

CVE-2021-38996: Security Bulletin: Vulnerabilities in AIX CAA (CVE-2022-22350, CVE-2021-38996)

A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets.

**![](https://fortiguard.com/static/images/icons/psirt.svg?v=5463) PSIRT Advisories**

**FortiOS - Bypassing FortiGate security profiles via SNI in Client Hello**

**Summary**

An exposure of sensitive information to an unauthorized actor vulnerability \[CWE-200\] in FortiOS may allow a privileged attacker to disclose sensitive information via SNI Client Hello TLS packets.

**Affected Products**

Forti​OS version 6.4.3 and below  
Forti​OS version 6.2.5 and below  
Forti​OS version 6.0.11 and below  
 

**Solutions**

Given that there is no systematic way to detect **all** exfiltration attempts and to exhaustively enumerate all possibilities offered by exfiltration channels, Fortinet has addressed the issue by releasing a set of signatures:

1.  Python/SNICat.A!exploit  
    https://www.fortiguard.com/encyclopedia/virus/10069638
    
2.  SNIcat.Data.Exfiltration.Tool  
    https://www.fortiguard.com/encyclopedia/ips/50952
    

**References**

*   https://community.fortinet.com/t5/FortiGate/Technical-Tip-Bypassing-FortiGate-web-filter-profile-by-using/ta-p/200212

CVE-2020-15936: Fortiguard

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825.

**Security Bulletin**

  

**Summary**

There is a vulnerability in the AIX audit user commands.

**Vulnerability Details**

**CVEID:**   CVE-2021-38955  
**DESCRIPTION:**   IBM AIX could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands.  
CVSS Base score: 4.4  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211825 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

AIX

7.1

AIX

7.2

AIX

7.3

VIOS

3.1

The vulnerabilities in the following filesets are being addressed:

Fileset

Lower Level

Upper Level

bos.rte.security

7.1.5.0

7.1.5.37

bos.rte.security

7.2.4.0

7.2.4.4

bos.rte.security

7.2.5.0

7.2.5.2

bos.rte.security

7.2.5.100

7.2.5.101

bos.rte.security

7.3.0.0

7.3.0.0

To find out whether the affected filesets are installed on your systems, refer to the lslpp command found in AIX user's guide.

Example:  lslpp -L | grep -i bos.rte.security

  

**Remediation/Fixes**

**A. APARS**

IBM has assigned the following APARs to this problem:

AIX Level

APAR

SP

7.1.5

IJ38113

SP10

7.2.4

IJ38115

SP06

7.2.5

IJ38117

SP04

7.3.0

IJ38121

SP02

 

VIOS Level

APAR

SP

3.1.1

IJ38115

3.1.1.60

3.1.2

IJ38119

3.1.2.40

3.1.3

IJ38117

3.1.3.20

Subscribe to the APARs here:

By subscribing, you will receive periodic email alerting you to the status of the APAR, and a link to download the fix once it becomes available.

**B. FIXES**

AIX and VIOS fixes are available.

The AIX and VIOS fixes can be downloaded via ftp or http from:

The link above is to a tar file containing this signed advisory, fix packages, and OpenSSL signatures for each package. The fixes below include prerequisite checking. This will enforce the correct mapping between the fixes and AIX Technology Levels.

AIX Level

Interim Fix

7.1.5.7

IJ38113m9a.220227.epkg.Z

7.1.5.8

IJ38113m9a.220227.epkg.Z

7.1.5.9

IJ38113m9a.220227.epkg.Z

7.2.4.3

IJ38115m5a.220227.epkg.Z

7.2.4.4

IJ38115m5a.220227.epkg.Z

7.2.4.5

IJ38115m5a.220227.epkg.Z

7.2.5.1

IJ38119m2a.220227.epkg.Z

7.2.5.2

IJ38119m2a.220227.epkg.Z

7.2.5.3

IJ38117m3a.220227.epkg.Z

7.3.0.1

IJ38121m1a.220227.epkg.Z

Please note that the above table refers to AIX TL/SP level as opposed to fileset level, i.e., 7.2.5.2 is AIX 7200-05-02.

Please reference the Affected Products and Version section above for help with checking installed fileset levels.

VIOS Level

Interim Fix

3.1.1.30

IJ38115m5a.220227.epkg.Z

3.1.1.40

IJ38115m5a.220227.epkg.Z

3.1.1.50

IJ38115m5a.220227.epkg.Z

3.1.2.10

IJ38119m2a.220227.epkg.Z

3.1.2.21

IJ38119m2a.220227.epkg.Z

3.1.3.10

IJ38117m3a.220227.epkg.Z

3.1.3.14

IJ38117m3a.220227.epkg.Z

To extract the fixes from the tar file:

tar xvf audit\_fix.tar

cd audit\_fix

Verify you have retrieved the fixes intact:

The checksums below were generated using the "openssl dgst -sha256 \[filename\]" command as the following:

openssl dgst -sha256

filename

9c106a0fcc85c04f1cb41b939b3019daa7fb2fa2b826f6ea41bf4b6e415f54ae

IJ38113m9a.220227.epkg.Z

3da452a1fadea25122c899a851907b8df6e0346f016373e22e98a36a7deedaf2

IJ38115m5a.220227.epkg.Z

abcc517295ba08a79f994f1091778c7845729cb96a0ac5530b0777ea23e93050

IJ38117m3a.220227.epkg.Z

851e4b2c602e5e869b36bea8190da813b880f10aae6227f2595ecf06289dd58c

IJ38119m2a.220227.epkg.Z

e61fce4c31be526987ad5842155d71a8912622dde0b76091545ad3a40ea70f78

IJ38121m1a.220227.epkg.Z

These sums should match exactly. The OpenSSL signatures in the tar file and on this advisory can also be used to verify the integrity of the fixes.  If the sums or signatures cannot be confirmed, contact IBM Support at http://ibm.com/support/ and describe the discrepancy.         

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[advisory\_file\].sig \[advisory\_file\]

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[ifix\_file\].sig \[ifix\_file\]

Published advisory OpenSSL signature file location:

**C. FIX AND INTERIM FIX INSTALLATION**

If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.

To preview a fix installation:

installp -a -d fix\_name -p all  # where fix\_name is the name of the

                                            # fix package being previewed.

To install a fix package:

installp -a -d fix\_name -X all  # where fix\_name is the name of the

                                            # fix package being installed.

Interim fixes have had limited functional and regression testing but not the full regression testing that takes place for Service Packs; however, IBM does fully support them.

Interim fix management documentation can be found at:

To preview an interim fix installation:

emgr -e ipkg\_name -p         # where ipkg\_name is the name of the

                                         # interim fix package being previewed.

To install an interim fix package:

emgr -e ipkg\_name -X         # where ipkg\_name is the name of the

                                         # interim fix package being installed.

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

28 Feb 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"7.1,7.2,7.3","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU048","label":"Systems w\\/TPS"},"Product":{"code":"SSSMHJ","label":"PowerVM Virtual I\\/O Server"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"3.1","Edition":""}\]

CVE-2021-38955: Security Bulletin: Vulnerability in AIX audit commands (CVE-2021-38955)

Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h.

A heap-buffer-overflow was discovered in function fouBytesToInt():AudioFile.h:1196  
The issue is being triggered in function getIndexOfChunk()

    git clone the Lastest Version firstly.
    mkdir build
    cd build && cmake ..
    g++ -g -fsanitize=address -o valibin a.cpp AudioFile.h
    ./ poc
    

    #include <iostream>
    #define _USE_MATH_DEFINES
    #include <cmath>
    #include "AudioFile.h"
    
    namespace examples
    
    {
    
        void writeSineWaveToAudioFile();
    
        void loadAudioFileAndPrintSummary(char *);
    
        void loadAudioFileAndProcessSamples(char *);
    
    } // namespace examples
    
    int main(int argc, char **argv)
    
    {
            examples::loadAudioFileAndPrintSummary(argv[1]);
            examples::loadAudioFileAndProcessSamples(argv[1]);
    }
    
    
    
    
    
    namespace examples
    
    {
    
        void writeSineWaveToAudioFile()
    
        {
      
    
            AudioFile<float> a;
    
            a.setNumChannels(2);
    
            a.setNumSamplesPerChannel(44100);
    
    
    
            //---------------------------------------------------------------
    
            // 2. Create some variables to help us generate a sine wave
    
    
    
            const float sampleRate = 44100.f;
    
            const float frequencyInHz = 440.f;
    
    
    
            //---------------------------------------------------------------
    
            // 3. Write the samples to the AudioFile sample buffer
    
    
    
            for (int i = 0; i < a.getNumSamplesPerChannel(); i++)
    
            {
    
                for (int channel = 0; channel < a.getNumChannels(); channel++)
    
                {
    
                    a.samples[channel][i] = sin((static_cast<float>(i) / sampleRate) * frequencyInHz * 2.f * M_PI);
    
                }
    
            }
    
    
    
            //---------------------------------------------------------------
    
            // 4. Save the AudioFile
    
    
    
            std::string filePath = "sine-wave.wav"; // change this to somewhere useful for you
    
            a.save("sine-wave.wav", AudioFileFormat::Wave);
    
        }
    
    
    
        //=======================================================================
    
        void loadAudioFileAndPrintSummary(char *file)
    
        {
            const std::string filePath = std::string(file);
    
            AudioFile<float> a;
    
            bool loadedOK = a.load(filePath);
    
    
    
            /** If you hit this assert then the file path above
    
             probably doesn't refer to a valid audio file */
    
            assert(loadedOK);
    
    
    
            //---------------------------------------------------------------
    
            // 3. Let's print out some key details
    
    
    
            std::cout << "Bit Depth: " << a.getBitDepth() << std::endl;
    
            std::cout << "Sample Rate: " << a.getSampleRate() << std::endl;
    
            std::cout << "Num Channels: " << a.getNumChannels() << std::endl;
    
            std::cout << "Length in Seconds: " << a.getLengthInSeconds() << std::endl;
    
            std::cout << std::endl;
    
        }
    
    
    
        //=======================================================================
    
        void loadAudioFileAndProcessSamples(char *file)
    
        {
    
            //---------------------------------------------------------------
    
            std::cout << "**********************" << std::endl;
    
            std::cout << "Running Example: Load Audio File and Process Samples" << std::endl;
    
            std::cout << "**********************" << std::endl
    
                      << std::endl;
    
    
    
            //---------------------------------------------------------------
    
            // 1. Set a file path to an audio file on your machine
    
            const std::string inputFilePath = std::string(file);
    
    
    
            //---------------------------------------------------------------
    
            // 2. Create an AudioFile object and load the audio file
    
    
    
            AudioFile<float> a;
    
            bool loadedOK = a.load(inputFilePath);
    
    
    
            /** If you hit this assert then the file path above
    
             probably doesn't refer to a valid audio file */
    
            assert(loadedOK);
    
    
    
            //---------------------------------------------------------------
    
            // 3. Let's apply a gain to every audio sample
    
    
    
            float gain = 0.5f;
    
    
    
            for (int i = 0; i < a.getNumSamplesPerChannel(); i++)
    
            {
    
                for (int channel = 0; channel < a.getNumChannels(); channel++)
    
                {
    
                    a.samples[channel][i] = a.samples[channel][i] * gain;
    
                }
    
            }
    
    
    
            //---------------------------------------------------------------
    
            // 4. Write audio file to disk
    
    
    
            //std::string outputFilePath = "quieter-audio-filer.wav"; // change this to somewhere useful for you
    
            //a.save(outputFilePath, AudioFileFormat::Aiff);
    
        }
    
    } // namespace examples
    
    

POC file at the bottom of this report.

CVE-2022-25023: [Bug]heap-buffer-overflow in function fouBytesToInt():AudioFile.h:1196 · Issue #58 · adamstark/AudioFile

The Yoast SEO WordPress plugin before 17.3 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

CVE-2021-25118: Changeset 2608691 – WordPress Plugin Repository

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service.  IBM X-Force ID:  212962.

CVE-2021-38993: IBM X-Force Exchange

JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, PyCharm Professional 2021.3.1 RC, GoLand 2021.3.1, PhpStorm 2021.3.1 Preview, PhpStorm 2021.3.1 RC, RubyMine 2021.3.1 Preview, RubyMine 2021.3.1 RC, CLion 2021.3.1, WebStorm 2021.3.1 Preview, and WebStorm 2021.3.1 RC (used as Remote Development backend IDEs) bind to the 0.0.0.0 IP address. The fixed versions are: IntelliJ IDEA 2021.3.1, PyCharm Professional 2021.3.1, GoLand 2021.3.2, PhpStorm 2021.3.1 (213.6461.83), RubyMine 2021.3.1, CLion 2021.3.2, and WebStorm 2021.3.1.

*   JavaScript
*   .NET
*   Java & JVM
*   C++
*   macOS & iOS
*   Python & Django
*   PHP
*   Ruby & Rails
*   Go
*   Kotlin
*   SQL
*   See all tools

**Trusted**

Many of the world's most dynamic companies and individuals find JetBrains tools make them more creative and effective.

12.8M

users trust our tools

Our tools are used all over the world in some of the best-known companies.

*   Google
*   NASA
*   Valve
*   Netflix
*   Ubisoft
*   Twitter

**Customer Stories**

See how the world's leading companies use JetBrains products

**OpenStack**

PyCharm has tons of advantages when compared to text editors in terms of supported functionality. With respect to Python development, PyCharm definitely stands out with features like remote debugging, code quality checks, and integrations with third-party software like Docker and Kubernetes.

Swapnil Kulkarni, Active Technology Contributor, OpenStack

Read case study

**Instil**

When the social distancing restrictions were introduced in March 2020, we needed a tool that would let us collaborate online with students as part of virtual deliveries, and Space was the obvious choice.

Garth Gilmour, Instil

Read case study

**VMware**

As our team carefully weighed the benefits and shortcomings of building our strategy upon each of the frameworks, Kotlin Multiplatform Mobile ultimately emerged as the framework of choice.

Kris Wong, Software Engineer/Architect, VMware

Read case study

More case studies

**Discover more**

CVE-2021-45977: JetBrains: Essential tools for software developers and teams

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service.  IBM X-Force ID:  213073.

**Security Bulletin**

  

**Summary**

There are multiple vulnerabilities in the AIX kernel.

**Vulnerability Details**

**Affected Products and Versions**

Affected Product(s)

Version(s)

AIX

7.1

AIX

7.2

AIX

7.3

VIOS

3.1

The vulnerabilities in the following filesets are being addressed:

Fileset

Lower Level

Upper Level

bos.mp64

7.1.5.0

7.1.5.45

bos.mp64

7.2.4.0

7.2.4.9

bos.mp64

7.2.5.0

7.2.5.3

bos.mp64

7.2.5.100

7.2.5.103

bos.mp64

7.3.0.0

7.3.0.1

To find out whether the affected filesets are installed on your systems, refer to the lslpp command found in AIX user's guide.

Example:  lslpp -L | grep -i bos.mp64

  

**Remediation/Fixes**

**A. APARS**        

IBM has assigned the following APARs to this problem:

AIX Level

APAR

SP

7.1.5

IJ37452

SP10

7.2.4

IJ37501

SP06

7.2.5

IJ37012

SP04

7.3.0

IJ37001

SP02

VIOS Level

APAR

SP

3.1.1

IJ37501

3.1.1.60

3.1.2

IJ37776

3.1.2.40

3.1.3

IJ37012

3.1.3.20

Subscribe to the APARs here:

By subscribing, you will receive periodic email alerting you to the status of the APAR, and a link to download the fix once it becomes available.

**B. FIXES**

AIX and VIOS fixes are available.

An LPAR system reboot is required to complete the iFix installation, or Live Update may be used on AIX 7.2 to avoid a reboot.

The AIX and VIOS fixes can be downloaded via ftp or http from:

The link above is to a tar file containing this signed advisory, fix packages, and OpenSSL signatures for each package. The fixes below include prerequisite checking. This will enforce the correct mapping between the fixes and AIX Technology Levels.

AIX Level

Interim Fix

7.1.5.7

IJ37452m7a.220215.epkg.Z

7.1.5.8

IJ37452m8a.220215.epkg.Z

7.1.5.9

IJ37452s9a.220215.epkg.Z

7.1.5.9

IJ37452s9b.220215.epkg.Z

7.2.4.3

IJ37501m3a.220215.epkg.Z

7.2.4.4

IJ37501m4a.220215.epkg.Z

7.2.4.5

IJ37501m5a.220215.epkg.Z

7.2.5.1

IJ37776m1a.220215.epkg.Z

7.2.5.2

IJ37776m2a.220215.epkg.Z

7.2.5.3

IJ37012m3a.220215.epkg.Z

7.2.5.3

IJ37012m3b.220215.epkg.Z

7.3.0.1

IJ37001m1a.220215.epkg.Z

Please note that the above table refers to AIX TL/SP level as opposed to fileset level, i.e., 7.2.5.2 is AIX 7200-05-02.

NOTE:  Multiple iFixes are provided for AIX 7100-05-09 and 7200-05-03.

IJ37452s9a is for AIX 7100-05-09 with bos.mp64 fileset level 7.1.5.45.

IJ37452s9b is for AIX 7100-05-09 with bos.mp64 fileset level 7.1.5.44.

IJ37012m3a is for AIX 7200-05-03 with bos.mp64 fileset level 7.2.5.103.

IJ37012m3b is for AIX 7200-05-03 with bos.mp64 fileset level 7.2.5.101.

Please reference the Affected Products and Version section above for help with checking installed fileset levels.

VIOS Level

Interim Fix

3.1.1.30

IJ37501m3a.220215.epkg.Z

3.1.1.40

IJ37501m4a.220215.epkg.Z

3.1.1.50

IJ37501m5a.220215.epkg.Z

3.1.2.10

IJ37776m1a.220215.epkg.Z

3.1.2.21

IJ37776m2a.220215.epkg.Z

3.1.3.10

IJ37012m3b.220215.epkg.Z

3.1.3.14

IJ37012m3a.220215.epkg.Z

The fixes are cumulative and address previously issued AIX/VIOS kernel security bulletins with respect to SP and TL, which includes:

To extract the fixes from the tar file:

tar xvf kernel\_fix3.tar

cd kernel\_fix3

Verify you have retrieved the fixes intact:

The checksums below were generated using the "openssl dgst -sha256 \[filename\]" command as the following:

openssl dgst -sha256

filename

10e4ef561cfb0e44a698948eaa3f157c1fbdd22dc6b9095898f813e4e306fa55

IJ37001m1a.220215.epkg.Z

70e53abb9b1b60222a215b04373a79c315d003d5f174f9e1b2fa521bd3201c35

IJ37012m3a.220215.epkg.Z

b575eff5b745fabc369477cec9408e35bfac445d77835ed4df4836ca56fb7cf0

IJ37012m3b.220215.epkg.Z

7c3c4f2aaa7a3624066785211735decfe33bef38c01dff62c3c075f0c4ba535a

IJ37452m7a.220215.epkg.Z

328b6d14775423691f5c3b746367e9fdbd24b71230195b93124e2066be499dc4

IJ37452m8a.220215.epkg.Z

6ffa2ad6d1dff2252b4cc5f6e7dfc1a83d15dedc44e0d35f69bfd7b01aab39b8

IJ37452s9a.220215.epkg.Z

e4c7fffdc340a122e42e3a1ce73a6f20ccf0d045dcd4958bc82b69b08add18d8

IJ37452s9b.220215.epkg.Z

ba1c1b1fbe6c1f6a68b6dd48d0f5e61221751d288e8bb141c5e4c2b806322044

IJ37501m3a.220215.epkg.Z

f0dc84ce2145a301b8e7ddbc0e6335bc93fe6468fafb67dd3b67bf73b535c5df

IJ37501m4a.220215.epkg.Z

467d4747459d37489b2199d57836de3d79a3837b95c2aa29dc35f43fe33bd0ed

IJ37501m5a.220215.epkg.Z

9acb84e45fa3aa0b8d36e9f63d29dcc0e335c0d55351a2a5b8433bd57075dc01

IJ37776m1a.220215.epkg.Z

30e03d25a0657290afb9c04ac1b5b06fd87a8a776dfe037b2d5dd9b92e16c7cd

IJ37776m2a.220215.epkg.Z

These sums should match exactly. The OpenSSL signatures in the tar file and on this advisory can also be used to verify the integrity of the fixes.  If the sums or signatures cannot be confirmed, contact IBM Support at http://ibm.com/support/ and describe the discrepancy.         

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[advisory\_file\].sig \[advisory\_file\]

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[ifix\_file\].sig \[ifix\_file\]

Published advisory OpenSSL signature file location:

**C. FIX AND INTERIM FIX INSTALLATION**

An LPAR system reboot is required to complete the iFix installation, or Live Update may be used on AIX 7.2 to avoid a reboot.

If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.

To preview a fix installation:

installp -a -d fix\_name -p all  # where fix\_name is the name of the

                                            # fix package being previewed.

To install a fix package:

installp -a -d fix\_name -X all  # where fix\_name is the name of the

                                            # fix package being installed.

Interim fixes have had limited functional and regression testing but not the full regression testing that takes place for Service Packs; however, IBM does fully support them.

Interim fix management documentation can be found at:

To preview an interim fix installation:

emgr -e ipkg\_name -p         # where ipkg\_name is the name of the

                                         # interim fix package being previewed.

To install an interim fix package:

emgr -e ipkg\_name -X         # where ipkg\_name is the name of the

                                         # interim fix package being installed.

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

23 Feb 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU048","label":"Systems w\\/TPS"},"Product":{"code":"SSSMHJ","label":"PowerVM Virtual I\\/O Server"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"3.1","Edition":""},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"7.1,7.2,7.3","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}\]

CVE-2021-38995: Security Bulletin: Vulnerabilities in the AIX kernel (CVE-2021-38994, CVE-2021-38995)

Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack.

Download PDF

> Abstract: We present Alexa versus Alexa (AvA), a novel attack that leverages audio files containing voice commands and audio reproduction methods in an offensive fashion, to gain control of Amazon Echo devices for a prolonged amount of time. AvA leverages the fact that Alexa running on an Echo device correctly interprets voice commands originated from audio files even when they are played by the device itself -- i.e., it leverages a command self-issue vulnerability. Hence, AvA removes the necessity of having a rogue speaker in proximity of the victim's Echo, a constraint that many attacks share. With AvA, an attacker can self-issue any permissible command to Echo, controlling it on behalf of the legitimate user. We have verified that, via AvA, attackers can control smart appliances within the household, buy unwanted items, tamper linked calendars and eavesdrop on the user. We also discovered two additional Echo vulnerabilities, which we call Full Volume and Break Tag Chain. The Full Volume increases the self-issue command recognition rate, by doubling it on average, hence allowing attackers to perform additional self-issue commands. Break Tag Chain increases the time a skill can run without user interaction, from eight seconds to more than one hour, hence enabling attackers to setup realistic social engineering scenarios. By exploiting these vulnerabilities, the adversary can self-issue commands that are correctly executed 99% of the times and can keep control of the device for a prolonged amount of time. We reported these vulnerabilities to Amazon via their vulnerability research program, who rated them with a Medium severity score. Finally, to assess limitations of AvA on a larger scale, we provide the results of a survey performed on a study group of 18 users, and we show that most of the limitations against AvA are hardly used in practice.

**Submission history**

From: Sergio Esposito \[view email\]  
**\[v1\]** Thu, 17 Feb 2022 12:05:09 UTC (596 KB)

Tag

#ios