IBM AIX "TCP large send offload" Denial of Service Vulnerability
Secunia Advisory SA47865
Release Date 2012-02-06
Criticality level Less critical
Impact DoS
Where From remote
Solution Status Vendor Patch
Remediation status Secunia CSI, Secunia PSI
Automated scanning Secunia CSI, Secunia PSI
Operating System
AIX 5.x
AIX 6.x
AIX 7.x
CVE Reference(s) CVE-2012-0194
Description
A vulnerability has been reported in AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused by an error in the TCP stack that occurs when the "TCP large send offload" option is enabled. It can be exploited to trigger a kernel panic via a specially crafted sequence of TCP packets.
The vulnerability is reported in versions 5.3, 6.1, and 7.1.
Solution
Apply interim fixes or APARs when available (please see the vendor's advisory for more information).
Provided and/or discovered by
Reported by the vendor.
Original Advisory
IBM (IV13827, IV13751, IV13820, IV14209, IV14210, IV14211):
http://aix.software.ibm.com/aix/efixes/security/large_send_advisory.asc
http://xforce.iss.net/xforce/xfdb/72562