AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.


#Power
#Power
 View Only
Back to discussions
Expand all | Collapse all

Quick security bulletin:  AIX is vulnerable to a DoS due to libxml2 (CVE-2022-49043)

  • 1.  Quick security bulletin:  AIX is vulnerable to a DoS due to libxml2 (CVE-2022-49043)

    Posted Mon April 28, 2025 03:13 AM
    Edited by Carlo Castillo Tue May 06, 2025 02:27 AM

    AIX uses libxml2 as part of its XML parsing functions, hence, AIX is exposed to a possible denial of service attack due to a vulnerability in libxml2 described in the said CVE record.  This may affect the following AIX and VIO Server versions:

    - AIX 7.3

    - AIX 7.2

    - VIOS 4.1

    - VIOS 3.1


    The following filesets are affected:

    Fileset                   Lower Level       Upper Level

    bos.rte.control      7.2.5.0                7.2.5.204 

    bos.rte.control      7.3.1.0                7.3.1.3 

    bos.rte.control      7.3.2.0                7.3.2.2 

    bos.rte.control      7.3.3.0                7.3.3.0


    Run lslpp -L | grep -i bos.rte.control to see whether you have these filesets on your system.

    EDIT:
    Updated CVE description found here. Remediation/fixes found here.

    ------------------------------
    Carlo Castillo
    Client Services Manager
    IBM Redbooks Gold Author
    ------------------------------



  • 2.  RE: Quick security bulletin:  AIX is vulnerable to a DoS due to libxml2 (CVE-2022-49043)

    Posted Tue April 29, 2025 05:55 AM

    Is there any port listening that processes XML input, or is this just a local attack vector ?



    ------------------------------
    José Pina Coelho
    IT Specialist at Kyndryl
    ------------------------------



  • 3.  RE: Quick security bulletin:  AIX is vulnerable to a DoS due to libxml2 (CVE-2022-49043)

    Posted Wed April 30, 2025 02:14 PM

    I don't think there is anything listening for XML so I think this is local but you can run genld -ld to see if it is loaded and if it is not just patch.

    Run on AIX 7200-05-09-2446

    for DIR in `echo ${PATH} | tr ':' ' '` ; do
    cd ${DIR}
        for FILE in `ls` ; do
            if [ -x ${FILE} ] ; then
                /usr/bin/ldd ${FILE} 2>/dev/null | grep -E "needs:|xml"
            fi
        done 
    done

    armsrv needs:
             /usr/lib/libxml2.a(libxml2.so.2)
    armsrvconv needs:
             /usr/lib/libxml2.a(libxml2.so.2)
    artexdiff needs:
             /usr/ccs/lib/libxml2.a(libxml2.so.2)
    artexget needs:
             /usr/ccs/lib/libxml2.a(libxml2.so.2)
    artexlist needs:
             /usr/ccs/lib/libxml2.a(libxml2.so.2)
    artexmerge needs:
             /usr/ccs/lib/libxml2.a(libxml2.so.2)
    artexset needs:
             /usr/ccs/lib/libxml2.a(libxml2.so.2)
    ecpvdpd needs:
             /usr/lib/libxml2.a(libxml2.so.2)
    ksys_vmmond needs:
             /usr/lib/libxml2.a(libxml2.so.2)
    lvup_ifix_helper needs:
             /usr/lib/libxml2.a(libxml2.so.2)
    lvup_sock_helper needs:
             /usr/lib/libxml2.a(libxml2.so.2)
    lvupdate needs:
             /usr/lib/libxml2.a(libxml2.so.2)
    lvupdateDiskOp needs:
             /usr/lib/libxml2.a(libxml2.so.2)
    lvupdateLed needs:
             /usr/lib/libxml2.a(libxml2.so.2)
    lvupdatePreview needs:
             /usr/lib/libxml2.a(libxml2.so.2)
    olvupdate needs:
             /usr/lib/libxml2.a(libxml2.so.2)
    slvupdate needs:
             /usr/lib/libxml2.a(libxml2.so.2)
    vmmgr needs:
             /usr/ccs/lib/libxml2.a(libxml2.so.2)
    clcloudroha needs:
             /usr/lib/libxml2.a(libxml2.shr.o)
    clreserveip needs:
             /usr/lib/libxml2.a(libxml2.shr.o)
    clrest needs:
             /usr/lib/libxml2.a(libxml2.shr.o)



    ------------------------------
    Alexander Pettitt
    ------------------------------

    Original Message


  • 4.  RE: Quick security bulletin:  AIX is vulnerable to a DoS due to libxml2 (CVE-2022-49043)

    Posted Mon May 05, 2025 08:39 AM

    Hi!

    According to the announcement, the attack vector is local, not network:

    CVSS Vector:   (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

    If something was listening, it would be AV:N for network.

    Best regards,

      Alexander



    ------------------------------
    Alexander Reichle-Schmehl
    ------------------------------

    Original Message


  • 5.  RE: Quick security bulletin:  AIX is vulnerable to a DoS due to libxml2 (CVE-2022-49043)

    Posted Mon May 05, 2025 11:42 AM

    Thanks.  That helps.



    ------------------------------
    José Pina Coelho
    IT Specialist at Kyndryl
    ------------------------------

    Original Message


  • 6.  RE: Quick security bulletin:  AIX is vulnerable to a DoS due to libxml2 (CVE-2022-49043)

    Posted Tue April 29, 2025 09:03 AM

    More info is found on IBM Support at this link. 

    Dead link.



    ------------------------------
    Jack Woehr
    Senior Consultant
    Seiden Group LLC
    Beulah CO
    3038478442
    ------------------------------



  • 7.  RE: Quick security bulletin:  AIX is vulnerable to a DoS due to libxml2 (CVE-2022-49043)

    Posted Tue May 06, 2025 02:28 AM

    Thanks.  Edited the links in the OP.



    ------------------------------
    Carlo Castillo
    Client Services Manager
    IBM Redbooks Gold Author
    ------------------------------

    Original Message


  • 8.  RE: Quick security bulletin:  AIX is vulnerable to a DoS due to libxml2 (CVE-2022-49043)

    Posted Tue April 29, 2025 09:07 AM


    The CVE description is found here.

    Dead link.



    ------------------------------
    Jack Woehr
    Senior Consultant
    Seiden Group LLC
    Beulah CO
    3038478442
    ------------------------------



  • 9.  RE: Quick security bulletin:  AIX is vulnerable to a DoS due to libxml2 (CVE-2022-49043)

    Posted Tue April 29, 2025 09:47 AM

    This CVE has been addressed. Please refer the following link for more information.

    https://www.ibm.com/support/pages/node/7231815



    ------------------------------
    RESHMA KUMAR
    ------------------------------

    Original Message


  • 10.  RE: Quick security bulletin:  AIX is vulnerable to a DoS due to libxml2 (CVE-2022-49043)

    Posted Tue May 06, 2025 02:29 AM

    Thanks.  Edited the links in the OP.



    ------------------------------
    Carlo Castillo
    Client Services Manager
    IBM Redbooks Gold Author
    ------------------------------

    Original Message


Related Content