A security flaw has been identified in the IBM AIX operating system that a remote attacker can exploit to carry out a denial-of-service (DoS) attack.
Package:
IBM AIX 5.x, IBM AIX 6.x, IBM AIX 7.x
Operating systems:
IBM AIX 5.x, IBM AIX 6.x, IBM AIX 7.x
Problem:
unspecified error
Exploitation:
remote
Impact:
denial of service (DoS)
Solution:
vendor patch
CVE:
CVE-2011-1385
Original advisory ID:
SA48149
Source:
Secunia
Problem:
The flaw is caused by an unspecified error that occurs when handling ICMP packets.
Impact:
It allows an attacker to carry out a DoS (Denial of Service) attack by sending a specially crafted ICMP packet.
Solution:
Users are advised to install the appropriate update.
IBM AIX ICMP Packet Handling Denial of Service Vulnerability
Secunia Advisory SA48149
Release Date 2012-02-27
Criticality level Moderately critical
Impact DoS
Where From remote
Solution Status Vendor Patch
Remediation status Secunia CSI, Secunia PSI
Automated scanning Secunia CSI, Secunia PSI
Operating System
AIX 5.x
AIX 6.x
AIX 7.x
CVE Reference(s) CVE-2011-1385
Description
A vulnerability has been reported in IBM AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused by an unspecified error when handling ICMP packets and can be exploited by sending a specially crafted ICMP packet.
The vulnerability is reported in versions 5.3, 6.1, and 7.1.
Solution
Apply the fix (see the vendor's advisory for details).
Provided and/or discovered by
Reported by the vendor
Original Advisory
http://aix.software.ibm.com/aix/efixes/security/icmp_advisory.asc