IBM AIX "socketpair()" Denial of Service Vulnerability
Secunia Advisory SA49404
Release Date 2012-06-06
Criticality level Not criticalNot critical
Impact DoS
Where Local system
Authentication level Available in Customer Area
Report reliability Available in Customer Area
Solution Status Vendor Patch
Systems affected Available in Customer Area
Approve distribution Available in Customer Area
Remediation status Secunia CSI, Secunia PSI
Automated scanning Secunia CSI, Secunia PSI
Operating System
AIX 5.x
AIX 6.x
AIX 7.x
Secunia CVSS Score Available in Customer Area
CVE Reference(s) CVE-2012-2192 CVSS available in Customer Area
Description
A vulnerability has been reported in IBM AIX, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when using the "socketpair()" function and can be exploited to cause a system crash by making a function call with a socket in the free list.
The vulnerability is reported in versions 5.3, 6.1, and 7.1.
Solution
Apply APARs IV19178, IV16603, IV21128, IV21131, and IV21235.
Provided and/or discovered by
Reported by the vendor.
Original Advisory
IBM (IV19178, IV16603, IV21128, IV21131, IV21235):
http://aix.software.ibm.com/aix/efixes/security/socket_advisory.asc
Posljednje sigurnosne preporuke