AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.

#Power
#Power

View Only

Back to discussions

Expand all | Collapse all

AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

1. AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

Like
Enis Demir
Posted Tue March 07, 2023 07:25 AM

Reply
Hello

A security vulnerability has been identified with the CVE-2023-27320 code, which causes the system to crash and can be used to gain unauthorized access to the vulnerable system.

https://www.openwall.com/lists/oss-security/2023/02/28/1

https://www.sudo.ws/releases/stable/#1.9.13p2

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27320

I learned that the vulnerability was fixed with the sudo-1.9.13p2 package. where can i download this package

AIX OS = 7200-05-03-2148

Thanks

------------------------------
Enis Demir
------------------------------
2. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

Like
Sangeetha Bandi
Posted Tue March 07, 2023 08:00 AM

Reply
Hi Enis Demir,
Yes CVE-2023-27320 is fixed in sudo-1.9.13p2, which is not available on AIX tool box now. We are building sudo-1.9.13p2, Will update you soon.

------------------------------
Sangeetha Bandi
------------------------------
3. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

Like
Enis Demir
Posted Wed March 08, 2023 01:04 AM

Reply
Hi Sangeetha Bandi,

Thank you very much for your reply.I'm looking forward to the update

Thanks

------------------------------
Enis Demir
------------------------------

Original Message
4. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

Like
Sangeetha Bandi
Posted Fri March 10, 2023 09:25 AM

Reply
Hi Enis Demir,

sudo-1.9.13p2 is uploaded to Aix Tool Box.
@
https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/SRPMS/sudo
https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/SRPMS/sudo_ids
https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/SRPMS/sudo_noldap

------------------------------
Sangeetha Bandi
------------------------------

Original Message
5. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

Like
Ivan Vávrik
Posted Tue November 14, 2023 12:23 PM

Reply
Hello,

Aix Tool Box is the official way for sudo distribution?
If i remember correctly there was normal .bff package patch distribution same like for java or openssh (MRS).

Does it still exists?

------------------------------
Ivan Vávrik
------------------------------

Original Message
6. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

Like
Andrey Klyachkin

IBM Champion
Posted Wed November 15, 2023 04:01 AM

Reply
Ivan,

AIX Toolbox is the "official" way for IBM's sudo distribution. If you need sudo BFF package for some reasons, you can download it from the sudo website or build your own. But don't expect any form of support from IBM for 3rd party software.

------------------------------
Andrey Klyachkin

https://www.power-devops.com
------------------------------

Original Message
7. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

Like
Ivan Vávrik
Posted Wed November 15, 2023 05:01 AM

Reply
Thank You Andrew,

I thought aix toolbox did not had IBM support.

------------------------------
Ivan Vávrik
------------------------------

Original Message
8. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

Like
José Pina Coelho
Posted Thu November 16, 2023 06:00 AM

Reply
There is a community non-contract support (you ask for help on the AIX Open Source community and when Sanket or Sangamesh can, they push a new/fixed version)

There is also an IBM AIX Support Contract extension for Open Source support that allows you to get support via the normal AIX case process.

------------------------------
José Pina Coelho
IT Specialist at Kyndryl
------------------------------

Original Message

AIX

AIX

AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

Enis DemirTue March 07, 2023 07:25 AM

Sangeetha BandiTue March 07, 2023 08:00 AM

Enis DemirWed March 08, 2023 01:04 AM

Sangeetha BandiFri March 10, 2023 09:25 AM

Ivan VávrikTue November 14, 2023 12:23 PM

Andrey KlyachkinWed November 15, 2023 04:01 AM

Ivan VávrikWed November 15, 2023 05:01 AM

José Pina CoelhoThu November 16, 2023 06:00 AM

1. AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

2. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

3. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

4. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

5. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

6. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

7. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

8. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

Office

Community Links

IBM Links

AIX

AIX

AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

Enis DemirTue March 07, 2023 07:25 AM

Sangeetha BandiTue March 07, 2023 08:00 AM

Enis DemirWed March 08, 2023 01:04 AM

Sangeetha BandiFri March 10, 2023 09:25 AM

Ivan VávrikTue November 14, 2023 12:23 PM

Andrey KlyachkinWed November 15, 2023 04:01 AM

Ivan VávrikWed November 15, 2023 05:01 AM

José Pina CoelhoThu November 16, 2023 06:00 AM

1. AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

2. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

3. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

4. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

5. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

6. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

7. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

8. RE: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability

Related Content

Using emgr_check_ifixes on AIX 7.3

xgboost installation on Aix 7.2.5.3

CVE-2022-36768 invscout vulnerability and AIX 6.1 and AIX 5.3

CVE-2011-3389 SSLv3.0/TLSv1.0 Vulnerability

vulnerability CVE-2019-15847 and gcc 8.3 AIX7.1

Office

Community Links

IBM Links