IBM AIX and VIOS Path Traversal Vulnerability in NIM Server Service

Vulnerability

A path traversal vulnerability has been identified in the IBM AIX NIM server service (nimesis) on AIX versions 7.2, 7.3, and VIOS versions 3.1 and 4.1. This vulnerability could allow a remote attacker to traverse directories on the system by sending a specially crafted URL request, potentially leading to the writing of arbitrary files on the system.

Impact

Exploitation of this vulnerability could result in unauthorized directory traversal, allowing attackers to access restricted files or directories. Additionally, this vulnerability could be exploited to write arbitrary files on the system, potentially leading to further exploitation or disruption of system operations.

Remediation

Users can apply the available interim fixes for this vulnerability. For AIX NIM server, the interim fix packages can be downloaded from the IBM AIX efixes security repository. VIOS users can also obtain the necessary interim fix packages from the same repository. Instructions for verifying and installing these interim fix packages are provided in the AIX Security Bulletin.

Added: Nov 13, 2025, 10:27 PM
Updated: Nov 13, 2025, 10:27 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.