If attackers successfully exploit vulnerabilities in IBM AIX/VIOS and DataPower Gateway, malicious code can get onto systems and compromise them. Updates close the vulnerabilities.
To date, there have been no reports of attackers targeting the Unix operating system AIX or the security and integration platform DataPower Gateway. However, administrators should not wait too long to install the security patches.
Possible attacks
Because the Perl implementation in AIX/VIOS is flawed, attackers can exploit a vulnerability (CVE-2025-33112, rated “high”). Path name input is not sufficiently sanitized, so local attackers can submit crafted input at this point. If such an attack succeeds, malicious code is executed. Affected computers are then usually considered fully compromised.
In a warning message about this vulnerability, the developers describe how to install the security update.
According to a post, the developers have closed countless vulnerabilities in DataPower Gateway; the full list is beyond the scope of this article. All of them affect the system’s Linux kernel. The majority are rated “medium”. Several vulnerabilities rated “high” (e.g. CVE-2024-26704) allow malicious code to reach systems.
Security updates are available
The developers state that versions 10.6.1.0 up to and including 10.6.3.0 are affected by the vulnerabilities. They say the vulnerabilities are closed in version 10.6.4.0.
(des)
This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.