There is community non-contract support (you ask for help on the AIX Open Source community and when Sanket or Sangamesh can, they push a new/fixed version).
There is also an IBM AIX Support Contract extension for Open Source support that allows you to get support via the normal AIX case process.
Original Message:
Sent: Wed November 15, 2023 05:01 AM
From: Ivan Vávrik
Subject: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability
Thank you Andrew,
I thought AIX Toolbox did not have IBM support.
------------------------------
Ivan Vávrik
Original Message:
Sent: Wed November 15, 2023 04:00 AM
From: Andrey Klyachkin
Subject: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability
Ivan,
AIX Toolbox is the "official" way for IBM's sudo distribution. If you need a sudo BFF package for some reason, you can download it from the sudo website or build your own. But don't expect any form of support from IBM for 3rd party software.
------------------------------
Andrey Klyachkin
https://www.power-devops.com
Original Message:
Sent: Tue November 14, 2023 09:31 AM
From: Ivan Vávrik
Subject: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability
Hello,
Is AIX Toolbox the official way for sudo distribution?
If I remember correctly, there was a normal .bff package patch distribution, the same as for java or openssh (MRS).
Does it still exist?
------------------------------
Ivan Vávrik
Original Message:
Sent: Fri March 10, 2023 09:25 AM
From: Sangeetha Bandi
Subject: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability
Hi Enis Demir,
sudo-1.9.13p2 is uploaded to AIX Toolbox at:
https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/SRPMS/sudo
https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/SRPMS/sudo_ids
https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/SRPMS/sudo_noldap
------------------------------
Sangeetha Bandi
Original Message:
Sent: Wed March 08, 2023 01:03 AM
From: Enis Demir
Subject: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability
Hi Sangeetha Bandi,
Thank you very much for your reply. I'm looking forward to the update.
Thanks
------------------------------
Enis Demir
Original Message:
Sent: Tue March 07, 2023 08:00 AM
From: Sangeetha Bandi
Subject: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability
Hi Enis Demir,
Yes, CVE-2023-27320 is fixed in sudo-1.9.13p2, which is not available on AIX Toolbox now. We are building sudo-1.9.13p2 and will update you soon.
------------------------------
Sangeetha Bandi
Original Message:
Sent: Tue March 07, 2023 03:12 AM
From: Enis Demir
Subject: AIX 7.2.5.3 SUDO-CVE-2023-27320 vulnerability
Hello
A security vulnerability has been identified with the CVE-2023-27320 code, which causes the system to crash and can be used to gain unauthorized access to the vulnerable system.
https://www.openwall.com/lists/oss-security/2023/02/28/1
https://www.sudo.ws/releases/stable/#1.9.13p2
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27320
I learned that the vulnerability was fixed with the sudo-1.9.13p2 package. Where can I download this package?
AIX OS = 7200-05-03-2148
Thanks
------------------------------
Enis Demir