IBM AIX Parallel Systems Support Programs (PSSP) contains a vulnerability allowing unauthorized access to files in valid file collections.
IBM PSSP software is used to provide a central point of management control for a cluster of RS/6000 SP nodes and IBM pSeries and IBM RS/6000 servers running AIX.
Intruders may be able to gain access to files that are included in a valid file collection on the SP system's control workstation, including AIX system configuration and security database files.
Obtain and apply the fix on all SP system control workstations and nodes as soon as possible. See the instructions below for obtaining the appropriate PTF(s) containing the fix for each release of PSSP.
Follow the instructions in the appropriate README file to enable secure file collections.
A workaround to the vulnerability is to disable the File Collections subsystem, until such time that the fix can be applied or the software upgraded to a supported release.
This document was written by Shawn V. Hernan.
|Date First Published:||2002-04-02|
|Date Last Updated:||2004-02-23 22:40 UTC|