Can you explain this vulnerability to me?

This vulnerability in IBM AIX 7.3 and IBM VIOS 4.1.1 affects the Perl implementation and allows a non-privileged local user to execute arbitrary code. It occurs due to improper neutralization of pathname input, which is a type of relative path traversal (CWE-23). This means an attacker can manipulate file paths to execute commands they should not have access to. [1]

Useful 0 Not Useful 0

How can this vulnerability impact me? :

The vulnerability can have a high impact on confidentiality, integrity, and availability of the affected system. Since it allows arbitrary code execution by a non-privileged local user without requiring user interaction, an attacker could gain unauthorized access, modify or delete data, and disrupt system operations. [1]

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect if your system is affected by verifying the installed Perl fileset version on IBM AIX or VIOS. Use the command `lslpp -L | grep -i perl.rte` to check the Perl fileset version. Affected versions are from 5.38.0.0 up to 5.38.2.0. If your installed version falls within this range, your system is vulnerable. [1]

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves applying the fixes provided by IBM. Download the fix package `perl_fix9.tar` from https://aix.software.ibm.com/aix/efixes/security/perl_fix9.tar. Before installation, create a bootable and readable mksysb backup. You can preview the installation with `installp -apYd .perl` and install with `installp -aXYd .perl`. Alternatively, interim fixes can be managed using the `emgr` tool with commands like `emgr -e ipkg_name -p` to preview and `emgr -e ipkg_name -X` to install. No workarounds or other mitigations are provided, so applying the fix is strongly recommended. [1]

Useful 0 Not Useful 0