AIX Open Source

  • 1.  CVE-2023-36328 tcl vulnerability

    Posted 6 days ago

    Anyone with insights into this? We asked IBM Support under what circumstances a server is vulnerable, i.e. which service/port, and they referred us to this group.

    Currently we are scrambling to have the patch implemented as quickly as possible without knowing for sure if this panic is warranted.

    Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2023-36328) due to tcl

    Regards,

    Hans Chr. Riksheim



    ------------------------------
    Hans Christian Riksheim
    ------------------------------


  • 2.  RE: CVE-2023-36328 tcl vulnerability

    Posted 6 days ago

    Hi,

    This issue is related to the libtommath library, and the tcl server/service will be using this library for math-related operations. So without understanding the code base, it's not easy to list out the vulnerable use case or how the reporter of this issue exploited the relevant APIs.
    As the CVE score is high, I would recommend installing the patch.

    Thanks
    Ranjit



    ------------------------------
    Ranjit Ranjan
    ------------------------------