IBM AIX and VIOS Improper Process Control Vulnerability Allowing Arbitrary Command Execution

Vulnerability

A vulnerability in IBM AIX versions 7.2 and 7.3, as well as IBM VIOS versions 3.1 and 4.1, could enable a remote attacker to execute arbitrary commands. This issue arises from improper process controls in the NIM server (nimesis) service, creating additional attack vectors for a previously addressed vulnerability. The flaw is exploitable when an attacker can establish network connectivity to the affected host.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands on the affected system.

Remediation

Users can download the necessary fixes for AIX and VIOS from the IBM AIX efixes security directory. The fixes for NIM server and NIM client are available as interim fix packages, which can be installed using the AIX or VIOS interim fix management tools. Instructions for verifying the integrity of the downloaded fix packages are also provided.

Added: Nov 13, 2025, 10:25 PM
Updated: Nov 13, 2025, 10:25 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 7.5
exploitability: 7.0
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.