IBM Power Connect, learn, share, and engage with IBMPower. Join / Log in
A security vulnerability has been identified with the CVE-2023-27320 code, which causes the system to crash and can be used to gain unauthorized access to the vulnerable system.
I learned that the vulnerability was fixed with the sudo-1.9.13p2 package. where can i download this package
AIX OS = 7200-05-03-2148
Hi Enis Demir,Yes CVE-2023-27320 is fixed in sudo-1.9.13p2, which is not available on AIX tool box now. We are building sudo-1.9.13p2, Will update you soon.
Hi Sangeetha Bandi,
Thank you very much for your reply.I'm looking forward to the update
Hi Enis Demir,sudo-1.9.13p2 is uploaded to Aix Tool Box. @ https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/SRPMS/sudohttps://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/SRPMS/sudo_idshttps://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/SRPMS/sudo_noldap
Aix Tool Box is the official way for sudo distribution?If i remember correctly there was normal .bff package patch distribution same like for java or openssh (MRS).
Does it still exists?
------------------------------Sangeetha BandiOriginal Message:Sent: Wed March 08, 2023 01:03 AMFrom: Enis DemirSubject: AIX 220.127.116.11 SUDO-CVE-2023-27320 vulnerability
AIX Toolbox is the "official" way for IBM's sudo distribution. If you need sudo BFF package for some reasons, you can download it from the sudo website or build your own. But don't expect any form of support from IBM for 3rd party software.
Thank You Andrew,
I thought aix toolbox did not had IBM support.
There is a community non-contract support (you ask for help on the AIX Open Source community and when Sanket or Sangamesh can, they push a new/fixed version)There is also an IBM AIX Support Contract extension for Open Source support that allows you to get support via the normal AIX case process.