Authentication Bypass Vulnerability in IBM PowerHA SystemMirror for AIX
CVE-2015-5005

Currently unrated

Key Information:

Vendor: IBM
Status: Powerha System Mirror
Vendor: CVE Published:; 8 November 2015

Summary

The IBM PowerHA SystemMirror contains a vulnerability allowing remote authenticated users to gain elevated privileges through an 'su root' action. This can be exploited by leveraging unauthorized access on the cluster-wide password-change list. Users on AIX versions 6.1 and 7.1 may face significant security risks due to this flaw, potentially allowing unauthorized control over the system.

References

http://aix.software.ibm.com/aix/efixes/security/powerha_a...

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=isg1IV76946

vendor-advisoryx_refsource_AIXAPAR

http://www.securityfocus.com/bid/76948

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Nov 8, 2015
Vulnerability Reserved
Jun 24, 2015