Correction: some systems are AIX 5.2. In fact, here's a pattern:
Zero AIX 5.3 systems are affected
Every AIX 5.2 system is affected
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Scherff
Sent: Monday, July 09, 2007 11:01 AM
To: [email protected]
Cc: Cliff Barton; [EMAIL PROTECTED]; Jesse Mauntel
Subject: AIX FALSE-POSITIVES
Nessus is now reporting multiple false-positives for AIX 5.3.
The same false-positives are showing up on approximately 20 of our 46
AIX systems.
SECTION 1 below shows the patches Nessus reports missing for a
particular system (extraneous text removed after the first example).
SECTION 2 shows a manual patch audit of the same system. Every single
patch Nessus reported as missing is a false-positive.
SECTION 1
Vulnerability found on port general/tcp
The remote host is missing AIX Critical Security Patch number
IY55789
(SECURITY: Symlink vulnerability in console commands).
You should install this patch for your system to be up-to-date.
Solution : http://www-912.ibm.com/eserver/support/fixes/
Risk factor : High
Nessus ID : 14438
The remote host is missing AIX Critical Security Patch number
IY49883
The remote host is missing AIX Critical Security Patch number
IY64976
The remote host is missing AIX Critical Security Patch number
IY48657
The remote host is missing AIX Critical Security Patch number
IY48873
The remote host is missing AIX Critical Security Patch number
IY49781
The remote host is missing AIX Critical Security Patch number
IY48638
The remote host is missing AIX Critical Security Patch number
IY68464
The remote host is missing AIX Critical Security Patch number
IY48149
The remote host is missing AIX Critical Security Patch number
IY44288
The remote host is missing AIX Critical Security Patch number
IY55682
The remote host is missing AIX Critical Security Patch number
IY51569
The remote host is missing AIX Critical Security Patch number
IY44188
The remote host is missing AIX Critical Security Patch number
IY51775
The remote host is missing AIX Critical Security Patch number
IY45367
The remote host is missing AIX Critical Security Patch number
IY43963
The remote host is missing AIX Critical Security Patch number
IY44178
The remote host is missing AIX Critical Security Patch number
IY46086
The remote host is missing AIX Critical Security Patch number
IY64355
The remote host is missing AIX Critical Security Patch number
IY45329
The remote host is missing AIX Critical Security Patch number
IY53519
The remote host is missing AIX Critical Security Patch number
IY59206
The remote host is missing AIX Critical Security Patch number
IY44716
The remote host is missing AIX Critical Security Patch number
IY43806
The remote host is missing AIX Critical Security Patch number
IY44175
The remote host is missing AIX Critical Security Patch number
IY45453
The remote host is missing AIX Critical Security Patch number
IY53552
The remote host is missing AIX Critical Security Patch number
IY51518
The remote host is missing AIX Critical Security Patch number
IY64523
The remote host is missing AIX Critical Security Patch number
IY44183
The remote host is missing AIX Critical Security Patch number
IY44192
The remote host is missing AIX Critical Security Patch number
IY46702
The remote host is missing AIX Critical Security Patch number
IY44190
The remote host is missing AIX Critical Security Patch number
IY44810
The remote host is missing AIX Critical Security Patch number
IY44701
The remote host is missing AIX Critical Security Patch number
IY44530
The remote host is missing AIX Critical Security Patch number
IY50452
The remote host is missing AIX Critical Security Patch number
IY70027
The remote host is missing AIX Critical Security Patch number
IY52242
The remote host is missing AIX Critical Security Patch number
IY44203
The remote host is missing AIX Critical Security Patch number
IY44211
SECTION 2
> for each in `cat poo.list`
> do
> instfix -ivk $each
> done
IY55789 Abstract: symlink vulnerability in console commands
Fileset bos.rte.console:5.2.0.11 is applied on the system.
Fileset bos.rte.serv_aid:5.2.0.31 is applied on the system.
All filesets for IY55789 were found.
IY49883 Abstract: SECURITY: aniti-cache poison techniques to
negative answers
Fileset bos.net.tcp.server:5.2.0.16 is applied on the
system.
All filesets for IY49883 were found.
IY64976 Abstract: Security vulnerability in lsvpd
Fileset bos.rte.methods:5.2.0.52 is applied on the system.
All filesets for IY64976 were found.
IY48657 Abstract: Sendmail prescan() vulnerability.
Fileset bos.net.tcp.client:5.2.0.15 is applied on the
system.
All filesets for IY48657 were found.
IY48873 Abstract: Method error when running cfgmgr
Fileset devices.pci.14106602.rte:5.2.0.12 is applied on the
system.
Fileset devices.pci.14107802.rte:5.2.0.2 is applied on the
system.
All filesets for IY48873 were found.
IY49781 Abstract: Coredump in libc while running SAP
applications
Fileset bos.adt.prof:5.2.0.16 is applied on the system.
Fileset bos.rte.libc:5.2.0.16 is applied on the system.
All filesets for IY49781 were found.
IY48638 Abstract: find -mtime does not select all applicable
files
Fileset bos.rte.commands:5.2.0.14 is applied on the system.
All filesets for IY48638 were found.
IY68464 Abstract: SECURITY: Local root exploits in perl 5.8.x
Fileset perl.rte:5.8.0.11 is applied on the system.
All filesets for IY68464 were found.
IY48149 Abstract: AUTOFS: SYSTEM CRASH IN AIX2ONC_RELE
Fileset bos.net.nfs.client:5.2.0.15 is applied on the
system.
All filesets for IY48149 were found.
IY44288 Abstract: Memory overlay in FCP driver
Fileset devices.pci.df1000f7.com:5.2.0.11 is applied on the
system.
All filesets for IY44288 were found.
IY55682 Abstract: SECURITY: Possible buffer overflow in putlvcb
command
Fileset bos.rte.lvm:5.2.0.31 is applied on the system.
All filesets for IY55682 were found.
IY51569 Abstract: packet trace shows pauses before resuming send
Fileset bos.net.tcp.client:5.2.0.30 is applied on the
system.
All filesets for IY51569 were found.
IY44188 Abstract: System dump on reboot after nim install
Fileset bos.sysmgt.serv_aid:5.2.0.11 is applied on the
system.
All filesets for IY44188 were found.
IY51775 Abstract: GATED DELETES BROADCAST ROUTES
Fileset bos.net.tcp.client:5.2.0.30 is applied on the
system.
All filesets for IY51775 were found.
IY45367 Abstract: file command modifies mtime, ctime and atime
of files
Fileset bos.rte.commands:5.2.0.11 is applied on the system.
All filesets for IY45367 were found.
IY43963 Abstract: crash in find_dir_name
Fileset bos.mp:5.2.0.12 is applied on the system.
Fileset bos.mp64:5.2.0.12 is applied on the system.
Fileset bos.up:5.2.0.12 is applied on the system.
All filesets for IY43963 were found.
IY44178 Abstract: setlocale() does not change LC_MONETARY items
Fileset bos.adt.prof:5.2.0.11 is applied on the system.
Fileset bos.rte.libc:5.2.0.11 is applied on the system.
All filesets for IY44178 were found.
IY46086 Abstract: File ops through Desc & Stream causes
problems.
Fileset bos.adt.prof:5.2.0.13 is applied on the system.
Fileset bos.rte.libc:5.2.0.13 is applied on the system.
All filesets for IY46086 were found.
IY64355 Abstract: SECURITY: Possible security exposure in chcod
command
Fileset devices.chrp.base.rte:5.2.0.52 is applied on the
system.
All filesets for IY64355 were found.
IY45329 Abstract: SECURITY: Format string vulnerability in
/usr/bin/enq & LP
Fileset bos.rte.printers:5.2.0.11 is applied on the system.
All filesets for IY45329 were found.
IY53519 Abstract: SECURITY: Buffer overflow in X-Windows font
library
Fileset X11.apps.rte:5.2.0.30 is applied on the system.
Fileset X11.base.rte:5.2.0.30 is applied on the system.
Fileset X11.fnt.fontServer is not applied on the system.
All filesets for IY53519 were found.
IY59206 Abstract: /sbin/rc.boot insecurely handles temporary
files.
Fileset bos.alt_disk_install.rte:5.2.0.41 is applied on the
system.
Fileset bos.rte.boot:5.2.0.41 is applied on the system.
Fileset bos.rte.install:5.2.0.41 is applied on the system.
All filesets for IY59206 were found.
IY44716 Abstract: HANG DUE TO LOOPING IN IPINTR
Fileset bos.net.tcp.client:5.2.0.12 is applied on the
system.
All filesets for IY44716 were found.
IY43806 Abstract: Data corruption while building large database
Fileset devices.fcp.disk.array.rte:5.2.0.11 is applied on
the system.
All filesets for IY43806 were found.
IY44175 Abstract: Programs using the RPC svcfs_create interface
may hang
Fileset bos.adt.prof:5.2.0.11 is applied on the system.
Fileset bos.rte.libc:5.2.0.11 is applied on the system.
All filesets for IY44175 were found.
IY45453 Abstract: FED LoadL_startd hangs when canceling process
scope thread
Fileset bos.adt.prof:5.2.0.12 is applied on the system.
Fileset bos.rte.libpthreads:5.2.0.12 is applied on the
system.
All filesets for IY45453 were found.
IY53552 Abstract: date command cannot set February 29 of a leap
year
Fileset bos.rte.date:5.2.0.30 is applied on the system.
All filesets for IY53552 were found.
IY51518 Abstract: Stale RPI leads to bad PDISCs.
Fileset devices.pci.df1000f7.com:5.2.0.30 is applied on the
system.
All filesets for IY51518 were found.
IY64523 Abstract: Security vulnerability in diag. commands.
Fileset bos.rte.diag:5.2.0.51 is applied on the system.
All filesets for IY64523 were found.
IY44183 Abstract: LL/POE bmaxdata jobs fail due to changed hard
stack limit
Fileset bos.mp:5.2.0.11 is applied on the system.
Fileset bos.mp64:5.2.0.11 is applied on the system.
Fileset bos.up:5.2.0.11 is applied on the system.
All filesets for IY44183 were found.
IY44192 Abstract: YPXFR BACKWARDS COMPATIBILITY
Fileset bos.net.nis.server:5.2.0.11 is applied on the
system.
All filesets for IY44192 were found.
IY46702 Abstract: CRASH IN REMQUE
Fileset bos.net.tcp.client:5.2.0.13 is applied on the
system.
All filesets for IY46702 were found.
IY44190 Abstract: nfs acl's fail on 64 bit kernel
Fileset bos.net.nfs.client:5.2.0.11 is applied on the
system.
All filesets for IY44190 were found.
IY44810 Abstract: DSI in bmRecycle
Fileset bos.mp:5.2.0.12 is applied on the system.
Fileset bos.mp64:5.2.0.12 is applied on the system.
Fileset bos.up:5.2.0.12 is applied on the system.
All filesets for IY44810 were found.
IY44701 Abstract: Problems with pax command with multiple
listopt options
Fileset bos.rte.archive:5.2.0.11 is applied on the system.
All filesets for IY44701 were found.
IY44530 Abstract: NFS:NFSO -H SM_REGISTER <HOSTNAME> GIVES ERROR
Fileset bos.net.nfs.client:5.2.0.12 is applied on the
system.
All filesets for IY44530 were found.
IY50452 Abstract: LQUERYVG CAN FAIL FOR A BIGVG
Fileset bos.rte.lvm:5.2.0.17 is applied on the system.
All filesets for IY50452 were found.
IY70027 Abstract: Attacks against TCP via ICMP
Fileset bos.net.tcp.client:5.2.0.61 is applied on the
system.
Fileset bos.perf.tune:5.2.0.61 is applied on the system.
All filesets for IY70027 were found.
IY52242 Abstract: logredo core dump if j2 log greater than 2GB
Fileset bos.rte.filesystem:5.2.0.30 is applied on the
system.
Fileset bos.adt.include:5.2.0.30 is applied on the system.
All filesets for IY52242 were found.
IY44203 Abstract: syslogd core dumps if required rotation of
multiple logfile
Fileset bos.net.tcp.client:5.2.0.11 is applied on the
system.
All filesets for IY44203 were found.
IY44211 Abstract: filemon failures on 64 bit kernel
Fileset bos.perf.tools:5.2.0.11 is applied on the system.
All filesets for IY44211 were found.
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
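The cross-check done by hand in the message above (Nessus "missing patch" findings against `instfix -ivk` output) can be scripted. The following is an added example, not part of the original thread or of Nessus. The function names are hypothetical, the sample input is trimmed from the quoted text, and IY00000 is a made-up APAR with no confirming line. It also reads the OS release off the applied `bos.*` fileset levels, which is how the 5.2 versus 5.3 pattern in the correction shows up.

```python
import re
from collections import Counter

# Constructed sample input, trimmed from the report and audit quoted above.
# IY00000 is a made-up APAR that the instfix output never confirms.
NESSUS_REPORT = """\
The remote host is missing AIX Critical Security Patch number
IY55789
The remote host is missing AIX Critical Security Patch number
IY53519
The remote host is missing AIX Critical Security Patch number
IY00000
"""

INSTFIX_OUTPUT = """\
IY55789 Abstract: symlink vulnerability in console commands
Fileset bos.rte.console:5.2.0.11 is applied on the system.
All filesets for IY55789 were found.
IY53519 Abstract: SECURITY: Buffer overflow in X-Windows font
library
Fileset X11.apps.rte:5.2.0.30 is applied on the system.
Fileset X11.fnt.fontServer is not applied on the system.
All filesets for IY53519 were found.
"""

APAR = r"I[A-Z]\d{5}"  # assumption: two letters plus five digits, as on this page

def reported_missing(report):
    """APARs Nessus flags; mail wrapping can push the ID onto the next line."""
    return re.findall(r"Patch number\s+(" + APAR + r")", report)

def confirmed_installed(instfix):
    """APARs whose instfix summary line says all filesets were found."""
    pattern = r"^\s*All filesets for (" + APAR + r") were found\."
    return set(re.findall(pattern, instfix, re.M))

def bos_release(instfix):
    """Most common V.R among applied bos.* filesets (X11, perl.rte ignored)."""
    found = re.findall(r"Fileset bos\.\S+?:(\d+\.\d+)\.\d+\.\d+ is applied", instfix)
    return Counter(found).most_common(1)[0][0] if found else None

def triage(report, instfix):
    """Split scanner findings into confirmed false positives and the rest."""
    installed = confirmed_installed(instfix)
    flagged = reported_missing(report)
    return {
        "false_positive": [a for a in flagged if a in installed],
        "unconfirmed": [a for a in flagged if a not in installed],
        "bos_release": bos_release(instfix),
    }
```

Only the per-APAR summary line counts as confirmation, so an individual "is not applied" fileset line, as seen for IY53519, does not change the result, and any finding without a summary line stays in `unconfirmed` for manual review.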