MENU

IBM iとRDiのネットワーキング/コンパイラ・インフラストラクチャに特権昇格を受ける脆弱性 ~CVSS基本スコアは8.4(重要)、CVE-2024-25050

IBMは4月27日、IBM Rational Development Studio for i(RDi)に特権昇格を受ける脆弱性がある、と発表した。

影響を受けるバージョンは、

・IBM i 7.5、IBM Rational Development Studio for i 7.5
・IBM i 7.4、IBM Rational Development Studio for i 7.4
・IBM i 7.3、IBM Rational Development Studio for i 7.3
・IBM i 7.2、IBM Rational Development Studio for i 7.2

以下の脆弱性が指摘されている。

CVE-2024-25050

IBM iとIBM Rational Development Studio for iのネットワーキングおよびコンパイラ・インフラストラクチャには、ライブラリー修飾子なしにCLコマンドが呼び出されるとローカル・ユーザーに特権昇格を許す脆弱性がある。攻撃者は、コードを管理者権限で実行する恐れがある。

CVSS 基本スコア:8.4(重要)

対処法

以下のPTFを適用することにより修正できる。

◎5770-SS1 *BASEおよびオプション12(12)のIBM i PTF番号

IBM i OS 5770-SS1 PTF ダウンロード・リンク
7.5

SI86029
SI86085
SI86108
SI86125
SI86236
SI86244
SI86248
SI86251
SJ00060
SJ00086 (12)
SJ00098 (12)
SJ00110
SJ00127
SJ00156
SJ00209
SJ00307
SJ00332
SJ00337
SJ00340
SJ00445
SJ00447
SJ00523

https://www.ibm.com/support/pages/ptf/SI86029
https://www.ibm.com/support/pages/ptf/SI86085
https://www.ibm.com/support/pages/ptf/SI86108
https://www.ibm.com/support/pages/ptf/SI86125
https://www.ibm.com/support/pages/ptf/SI86236
https://www.ibm.com/support/pages/ptf/SI86244
https://www.ibm.com/support/pages/ptf/SI86248
https://www.ibm.com/support/pages/ptf/SI86251
https://www.ibm.com/support/pages/ptf/SJ00060
https://www.ibm.com/support/pages/ptf/SJ00086
https://www.ibm.com/support/pages/ptf/SJ00098
https://www.ibm.com/support/pages/ptf/SJ00110
https://www.ibm.com/support/pages/ptf/SJ00127
https://www.ibm.com/support/pages/ptf/SJ00156
https://www.ibm.com/support/pages/ptf/SJ00209
https://www.ibm.com/support/pages/ptf/SJ00307
https://www.ibm.com/support/pages/ptf/SJ00332
https://www.ibm.com/support/pages/ptf/SJ00337
https://www.ibm.com/support/pages/ptf/SJ00340
https://www.ibm.com/support/pages/ptf/SJ00445
https://www.ibm.com/support/pages/ptf/SJ00447
https://www.ibm.com/support/pages/ptf/SJ00523

7.4

SI86026
SI86044
SI86074
SI86086
SI86124
SI86243
SI86247
SJ00004
SJ00059
SJ00087 (12)
SJ00099 (12)
SJ00109
SJ00155
SJ00208
SJ00331
SJ00333
SJ00336
SJ00341
SJ00444
SJ00446
SJ00529

https://www.ibm.com/support/pages/ptf/SI86026
https://www.ibm.com/support/pages/ptf/SI86044
https://www.ibm.com/support/pages/ptf/SI86074
https://www.ibm.com/support/pages/ptf/SI86086
https://www.ibm.com/support/pages/ptf/SI86124
https://www.ibm.com/support/pages/ptf/SI86243
https://www.ibm.com/support/pages/ptf/SI86247
https://www.ibm.com/support/pages/ptf/SJ00004
https://www.ibm.com/support/pages/ptf/SJ00059
https://www.ibm.com/support/pages/ptf/SJ00087
https://www.ibm.com/support/pages/ptf/SJ00099
https://www.ibm.com/support/pages/ptf/SJ00109
https://www.ibm.com/support/pages/ptf/SJ00155
https://www.ibm.com/support/pages/ptf/SJ00208
https://www.ibm.com/support/pages/ptf/SJ00331
https://www.ibm.com/support/pages/ptf/SJ00333
https://www.ibm.com/support/pages/ptf/SJ00336
https://www.ibm.com/support/pages/ptf/SJ00341
https://www.ibm.com/support/pages/ptf/SJ00444
https://www.ibm.com/support/pages/ptf/SJ00446
https://www.ibm.com/support/pages/ptf/SJ00529

7.3

SI85978
SI86023
SI86058
SI86089
SI86123
SI86242
SI86246
SJ00019
SJ00058
SJ00088 (12)
SJ00100 (12)
SJ00108
SJ00154
SJ00207
SJ00330
SJ00335
SJ00339
SJ00342
SJ00443
SJ00533

https://www.ibm.com/support/pages/ptf/SI85978
https://www.ibm.com/support/pages/ptf/SI86023
https://www.ibm.com/support/pages/ptf/SI86058
https://www.ibm.com/support/pages/ptf/SI86089
https://www.ibm.com/support/pages/ptf/SI86123
https://www.ibm.com/support/pages/ptf/SI86242
https://www.ibm.com/support/pages/ptf/SI86246
https://www.ibm.com/support/pages/ptf/SJ00019
https://www.ibm.com/support/pages/ptf/SJ00058
https://www.ibm.com/support/pages/ptf/SJ00088
https://www.ibm.com/support/pages/ptf/SJ00100
https://www.ibm.com/support/pages/ptf/SJ00108
https://www.ibm.com/support/pages/ptf/SJ00154
https://www.ibm.com/support/pages/ptf/SJ00207
https://www.ibm.com/support/pages/ptf/SJ00330
https://www.ibm.com/support/pages/ptf/SJ00335
https://www.ibm.com/support/pages/ptf/SJ00339
https://www.ibm.com/support/pages/ptf/SJ00342
https://www.ibm.com/support/pages/ptf/SJ00443
https://www.ibm.com/support/pages/ptf/SJ00533

7.2

SI85970
SI85981
SI85995
SI86092
SI86103
SI86241
SI86245
SJ00020
SJ00057
SJ00089 (12)
SJ00101 (12)
SJ00107
SJ00153
SJ00206
SJ00317
SJ00329
SJ00338
SJ00401
SJ00538

https://www.ibm.com/support/pages/ptf/SI85970
https://www.ibm.com/support/pages/ptf/SI85981
https://www.ibm.com/support/pages/ptf/SI85995
https://www.ibm.com/support/pages/ptf/SI86092
https://www.ibm.com/support/pages/ptf/SI86103
https://www.ibm.com/support/pages/ptf/SI86241
https://www.ibm.com/support/pages/ptf/SI86245
https://www.ibm.com/support/pages/ptf/SJ00020
https://www.ibm.com/support/pages/ptf/SJ00057
https://www.ibm.com/support/pages/ptf/SJ00089
https://www.ibm.com/support/pages/ptf/SJ00101
https://www.ibm.com/support/pages/ptf/SJ00107
https://www.ibm.com/support/pages/ptf/SJ00153
https://www.ibm.com/support/pages/ptf/SJ00206
https://www.ibm.com/support/pages/ptf/SJ00317
https://www.ibm.com/support/pages/ptf/SJ00329
https://www.ibm.com/support/pages/ptf/SJ00338
https://www.ibm.com/support/pages/ptf/SJ00401
https://www.ibm.com/support/pages/ptf/SJ00538

◎5770-WDS の IBM i PTF 番号

IBM i Release

5770-WDS

PTF ダウンロード・リンク

7.5 SI86179
SJ00204
https://www.ibm.com/support/pages/ptf/SI86179
https://www.ibm.com/support/pages/ptf/SJ00204
7.4 SI86136
SJ00196
https://www.ibm.com/support/pages/ptf/SI86136
https://www.ibm.com/support/pages/ptf/SJ00196
7.3 SI86096
SJ00194
https://www.ibm.com/support/pages/ptf/SI86096
https://www.ibm.com/support/pages/ptf/SJ00194
7.2 SI86065
SJ00157
https://www.ibm.com/support/pages/ptf/SI86065
https://www.ibm.com/support/pages/ptf/SJ00157

 

[i Magazine・IS magazine]