PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-1093 IBM CVE debrief

CVE-2017-1093 describes a local privilege-escalation issue in IBM AIX’s bellmail binary. IBM and NVD identify affected AIX releases as 6.1, 7.1, and 7.2, with impact sufficient to allow a local user to gain root privileges.

Vendor: IBM
Product: CVE-2017-1093
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-02
Original CVE updated: 2026-05-13
Advisory published: 2017-02-02
Advisory updated: 2026-05-13

Who should care

IBM AIX administrators, Unix security teams, and any environment running AIX 6.1/7.1/7.2 where local user access is present or delegated. Systems with multiple users, shared shells, or service accounts should treat this as a priority review item.

Technical summary

NVD rates the issue CVSS 3.0 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a locally exploitable flaw requiring low privileges and no user interaction. The reported weakness is in the bellmail binary on IBM AIX 6.1, 7.1, and 7.2, and successful exploitation could elevate a local account to root.

Defensive priority

High for any AIX host that permits untrusted or semi-trusted local access; lower, but still relevant, for tightly controlled systems with minimal local logins. Because the outcome is root privilege compromise, remediation review should be treated as urgent within normal patch windows.

Recommended defensive actions

  • Identify all IBM AIX 6.1, 7.1, and 7.2 systems in your fleet and confirm whether the bellmail component is present.
  • Review IBM’s PSIRT advisory for vendor remediation guidance and apply the recommended fix or mitigation.
  • Reduce exposure by limiting local user access and tightening administrative account controls until systems are remediated.
  • Verify that security monitoring and alerting cover unexpected privilege changes or anomalous use of bellmail on AIX hosts.
  • Track the NVD and IBM references for any additional vendor notes or updated guidance.
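
The first action above (find hosts on a listed release and confirm whether bellmail is present) can be scripted per host. The following is an added example, not code from IBM or from this debrief. It assumes the binary is installed at /usr/bin/bellmail (override with BELLMAIL_PATH); the function names and verdict labels are hypothetical. It does not determine patch status, which requires the fix levels in IBM's advisory.

```shell
#!/bin/sh
# Added example: per-host triage for CVE-2017-1093 (not vendor code).
# Assumption: bellmail is installed at /usr/bin/bellmail.
BELLMAIL_PATH="${BELLMAIL_PATH:-/usr/bin/bellmail}"

# Map `oslevel` output ("7.1.0.0") or `oslevel -s` output ("7100-04-03-1642")
# to a release; succeed only for the releases the CVE record lists.
aix_release_affected() {
    case "$1" in
        6.1.*|6100-*) echo "6.1" ;;
        7.1.*|7100-*) echo "7.1" ;;
        7.2.*|7200-*) echo "7.2" ;;
        *) return 1 ;;
    esac
}

# Classify the binary as absent, present, or present-setuid. The setuid bit is
# reported for the reviewer; the page itself does not state the file's mode.
bellmail_state() {
    if [ ! -e "$1" ]; then echo "absent"
    elif [ -u "$1" ]; then echo "present-setuid"
    else echo "present"
    fi
}

# Print one inventory line. Usage: triage <host> <oslevel-output> <path>
triage() {
    if rel=$(aix_release_affected "$2"); then
        state=$(bellmail_state "$3")
        case "$state" in
            absent) verdict="LISTED_RELEASE_NO_BELLMAIL" ;;
            *)      verdict="REVIEW" ;;   # compare against IBM's advisory
        esac
    else
        rel="other"; state="n/a"; verdict="NOT_LISTED"
    fi
    printf '%s release=%s bellmail=%s verdict=%s\n' "$1" "$rel" "$state" "$verdict"
}

# Runs only where the AIX `oslevel` command exists.
if command -v oslevel >/dev/null 2>&1; then
    triage "$(hostname)" "$(oslevel -s)" "$BELLMAIL_PATH"
fi
```

Collect the one-line output from each host into a central inventory and work the REVIEW entries first.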

Evidence notes

This summary is based on the official CVE/NVD record and IBM vendor advisory reference listed by NVD. The NVD record marks the vulnerability as affecting IBM AIX 6.1, 7.1, and 7.2 and assigns CVSS 3.0 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. NVD also lists the weakness as NVD-CWE-noinfo, so the precise underlying CWE is not specified in the supplied corpus.

Official resources

CVE published on 2017-02-02 and later modified in the NVD record on 2026-05-13. The supplied source corpus points to IBM’s advisory as the primary vendor reference.