Vulnerability Note VU#640827
IBM AIX Parallel Systems Support Program (PSSP) contains vulnerability in File Collections subsystem allowing arbitrary access to sensitive configuration files
IBM AIX Parallel Systems Support Programs (PSSP) contains a vulnerability allowing unauthorized access to files in valid file collections.
IBM PSSP software is used to provide a central point of management control for a cluster of RS/6000 SP nodes and IBM pSeries and IBM RS/6000 servers running AIX.
Intruders may be able to gain access to files that are included in a valid file collection on the SP system's control workstation, including AIX system configuration and security database files.
Obtain and apply the fix on all SP system control workstations and nodes as soon as possible. See the instructions below for obtaining the appropriate PTF(s) containing the fix for each release of PSSP.
Follow the instructions in the appropriate README file to enable secure file collections.
A workaround to the vulnerability is to disable the File Collections subsystem, until such time that the fix can be applied or the software upgraded to a supported release.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|IBM||Affected||-||28 Mar 2002|
CVSS Metrics (Learn More)
This document was written by Shawn V. Hernan.
- CVE IDs: Unknown
- Date Public: 01 Apr 2002
- Date First Published: 01 Apr 2002
- Date Last Updated: 23 Feb 2004
- Severity Metric: 10.13
- Document Revision: 4
If you have feedback, comments, or additional information about this vulnerability, please send us email.