What is the severity of CVE-2016-8972?

CVE-2016-8972 is considered a high severity vulnerability as it allows a local user to gain root privileges.

How do I fix CVE-2016-8972?

To fix CVE-2016-8972, update your IBM AIX or IBM VIOS system to the latest security patches provided by IBM.

What versions are affected by CVE-2016-8972?

CVE-2016-8972 affects IBM AIX versions 6.1, 7.1, 7.2 and various versions of IBM VIOS.

Who is impacted by CVE-2016-8972?

Local users on systems running the affected versions of IBM AIX and VIOS are potentially impacted by CVE-2016-8972.

What does CVE-2016-8972 exploit?

CVE-2016-8972 exploits a vulnerability within the bellmail client allowing unauthorized root access.

Vulnerability/
CVE-2016-8972

high

7.8

CWE

264

15/2/2017

6/8/2024

CVE-2016-8972

First published: Wed Feb 15 2017(Updated: )

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM AIX	=6.1
IBM AIX	=7.1
IBM AIX	=7.2
IBM Virtual I/O Server (VIOS)	=2.2.0.0
IBM Virtual I/O Server (VIOS)	=2.2.0.10
IBM Virtual I/O Server (VIOS)	=2.2.0.11
IBM Virtual I/O Server (VIOS)	=2.2.0.12
IBM Virtual I/O Server (VIOS)	=2.2.0.13
IBM Virtual I/O Server (VIOS)	=2.2.1.0
IBM Virtual I/O Server (VIOS)	=2.2.1.1
IBM Virtual I/O Server (VIOS)	=2.2.1.3
IBM Virtual I/O Server (VIOS)	=2.2.1.4
IBM Virtual I/O Server (VIOS)	=2.2.1.5
IBM Virtual I/O Server (VIOS)	=2.2.1.6
IBM Virtual I/O Server (VIOS)	=2.2.1.7
IBM Virtual I/O Server (VIOS)	=2.2.1.8
IBM Virtual I/O Server (VIOS)	=2.2.2.0
IBM Virtual I/O Server (VIOS)	=2.2.2.1
IBM Virtual I/O Server (VIOS)	=2.2.2.2
IBM Virtual I/O Server (VIOS)	=2.2.2.3
IBM Virtual I/O Server (VIOS)	=2.2.2.4
IBM Virtual I/O Server (VIOS)	=2.2.2.6
IBM Virtual I/O Server (VIOS)	=2.2.2.70
IBM Virtual I/O Server (VIOS)	=2.2.3.0
IBM Virtual I/O Server (VIOS)	=2.2.3.1
IBM Virtual I/O Server (VIOS)	=2.2.3.2
IBM Virtual I/O Server (VIOS)	=2.2.3.3
IBM Virtual I/O Server (VIOS)	=2.2.3.4
IBM Virtual I/O Server (VIOS)	=2.2.3.50
IBM Virtual I/O Server (VIOS)	=2.2.3.51
IBM Virtual I/O Server (VIOS)	=2.2.3.52
IBM Virtual I/O Server (VIOS)	=2.2.3.60
IBM Virtual I/O Server (VIOS)	=2.2.3.70
IBM Virtual I/O Server (VIOS)	=2.2.3.80
IBM Virtual I/O Server (VIOS)	=2.2.4.0
IBM Virtual I/O Server (VIOS)	=2.2.4.10
IBM Virtual I/O Server (VIOS)	=2.2.4.21
IBM Virtual I/O Server (VIOS)	=2.2.4.22
IBM Virtual I/O Server (VIOS)	=2.2.4.23
IBM Virtual I/O Server (VIOS)	=2.2.4.30
IBM Virtual I/O Server (VIOS)	=2.2.5.0
IBM Virtual I/O Server (VIOS)	=2.2.5.10

Remedy

http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-8972?
CVE-2016-8972 is considered a high severity vulnerability as it allows a local user to gain root privileges.
How do I fix CVE-2016-8972?
To fix CVE-2016-8972, update your IBM AIX or IBM VIOS system to the latest security patches provided by IBM.
What versions are affected by CVE-2016-8972?
CVE-2016-8972 affects IBM AIX versions 6.1, 7.1, 7.2 and various versions of IBM VIOS.
Who is impacted by CVE-2016-8972?
Local users on systems running the affected versions of IBM AIX and VIOS are potentially impacted by CVE-2016-8972.
What does CVE-2016-8972 exploit?
CVE-2016-8972 exploits a vulnerability within the bellmail client allowing unauthorized root access.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/weakness
agent/remedy
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm aix
version/ibm aix/6.1
version/ibm aix/7.1
version/ibm aix/7.2
canonical/ibm virtual i/o server (vios)
version/ibm virtual i/o server (vios)/2.2.0.0
version/ibm virtual i/o server (vios)/2.2.0.10
version/ibm virtual i/o server (vios)/2.2.0.11
version/ibm virtual i/o server (vios)/2.2.0.12
version/ibm virtual i/o server (vios)/2.2.0.13
version/ibm virtual i/o server (vios)/2.2.1.0
version/ibm virtual i/o server (vios)/2.2.1.1
version/ibm virtual i/o server (vios)/2.2.1.3
version/ibm virtual i/o server (vios)/2.2.1.4
version/ibm virtual i/o server (vios)/2.2.1.5
version/ibm virtual i/o server (vios)/2.2.1.6
version/ibm virtual i/o server (vios)/2.2.1.7
version/ibm virtual i/o server (vios)/2.2.1.8
version/ibm virtual i/o server (vios)/2.2.2.0
version/ibm virtual i/o server (vios)/2.2.2.1
version/ibm virtual i/o server (vios)/2.2.2.2
version/ibm virtual i/o server (vios)/2.2.2.3
version/ibm virtual i/o server (vios)/2.2.2.4
version/ibm virtual i/o server (vios)/2.2.2.6
version/ibm virtual i/o server (vios)/2.2.2.70
version/ibm virtual i/o server (vios)/2.2.3.0
version/ibm virtual i/o server (vios)/2.2.3.1
version/ibm virtual i/o server (vios)/2.2.3.2
version/ibm virtual i/o server (vios)/2.2.3.3
version/ibm virtual i/o server (vios)/2.2.3.4
version/ibm virtual i/o server (vios)/2.2.3.50
version/ibm virtual i/o server (vios)/2.2.3.51
version/ibm virtual i/o server (vios)/2.2.3.52
version/ibm virtual i/o server (vios)/2.2.3.60
version/ibm virtual i/o server (vios)/2.2.3.70
version/ibm virtual i/o server (vios)/2.2.3.80
version/ibm virtual i/o server (vios)/2.2.4.0
version/ibm virtual i/o server (vios)/2.2.4.10
version/ibm virtual i/o server (vios)/2.2.4.21
version/ibm virtual i/o server (vios)/2.2.4.22
version/ibm virtual i/o server (vios)/2.2.4.23
version/ibm virtual i/o server (vios)/2.2.4.30
version/ibm virtual i/o server (vios)/2.2.5.0
version/ibm virtual i/o server (vios)/2.2.5.10