Question & Answer
Question
My security scanner reports that my system is missing APARs from old releases. Is my system vulnerable?
Answer
First, review the report for CVE and APAR details.
- An APAR is a record of a problem reported with AIX.
- APARs are associated with the fix for that problem.
- Each APAR applies to a specific Technology Level.
- If the problem is reported, or fixed on an existing Technology Level, a different APAR number is associated with that level.
If the APAR number is not included, the CVE announcements might provide more clues.
Let's examine CVE-2004-0368:
An internet search results in multiple CVE tracking pages.
For example, https://www.kb.cert.org/vuls/id/179804
- The identifier indicates this CVE was announced in 2004.
- None of the currently supported AIX versions were available in 2004.
- The CVE affected AIX versions 4.3.3, 5.1.0, and 5.2.0.
- APAR number for AIX 4.3.3: IY55362
- APAR number for AIX 5.1.0: IY55361
- APAR number for AIX 5.2.0: IY55360
There is no resolving APAR for 6.1 and later releases, because the fixes for 5.2 were built in to the new AIX 6.1 release.
In summary:
- Subsequent releases inherit fixes, so there are no associated APARs included in a new release.
- If your scanning software reports vulnerabilities for old AIX releases that are no longer supported, check with the tool provider for an updated fix database.
| SUPPORT |
|---|
|
**AIX Support does not make specific recommendations to harden your system. Security configuration (for example. RBAC, Trusted AIX, AIX Security Expert, ACLs, auditing) involves comprehensive features. Most of these features require advanced review and planning by administrators who are familiar with all of their system requirements.**
Security consultation and customizations are out of the scope of AIX Support. However, if you have specific questions about the documented usage, we are happy to assist. If you require consulting services, there are fee-based services available.
See how technical questions (Q&A) are handled by IBM Support:
https://www.ibm.com/support/pages/node/796206 Read more about IBM Technology Services (Formerly Systems Lab Services)
- See more details about AIX, Linux, and Red Hat OpenShift Security Services
https://www.ibm.com/support/pages/node/6584155 If you require more assistance, use the following step-by-step instructions to contact IBM to open a case for software with an active and valid support contract.
1. Document (or collect screen captures of) all symptoms, errors, and messages related to your issue.
2. Capture any logs or data relevant to the situation.
3. Contact IBM to open a case:
-For electronic support, see the IBM Support Community:
https://www.ibm.com/mysupport -If you require telephone support, see the web page: https://www.ibm.com/planetwide/ 4. Provide a clear, concise description of the issue.
5. If the system is accessible, collect a system snap, and upload all of the details and data for your case.
- For guidance, see: Working with IBM AIX Support: Collecting snap data
|
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"ARM Category":[{"code":"a8m0z000000cvzhAAA","label":"Security"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
01 February 2023
UID
ibm16556724