A security flaw in IBM AIX has been fixed. The flaw allows local users to carry out a denial-of-service (DoS) attack.
Package:
IBM AIX 5.x, IBM AIX 6.x, IBM AIX 7.x
Operating systems:
IBM AIX 5.x, IBM AIX 6.x, IBM AIX 7.x
Severity:
2.1
Problem:
improper input validation, error in a program function
Exploitation:
local
Consequence:
denial of service (DoS)
Solution:
vendor patch
CVE:
CVE-2012-0723
Original advisory ID:
1027315
Source:
IBM
Problem:
The flaw results from input validation errors when the dupmsg() function is called.
Consequence:
A local attacker can exploit this issue to crash the vulnerable system.
IBM AIX dupmsg() Bug Lets Local Users Deny Service
SecurityTracker Alert ID: 1027315
SecurityTracker URL: http://securitytracker.com/id/1027315
CVE Reference: CVE-2012-0723
Date: Jul 27 2012
Impact: Denial of service via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5.3, 6.1, 7.1
Description: A vulnerability was reported in IBM AIX. A local user can cause denial of service conditions.
A local user can invoke the dupmsg() call to cause the target system to crash.
Jakub Wartak reported this vulnerability.
Impact: A local user can cause the target system to crash.
Solution: The vendor has issued a fix (APARs IV22694, IV22693, IV22695, IV22696, IV22697).
The vendor's advisory is available at:
http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc
Vendor URL: aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc
Cause: Input validation error
Underlying OS:
Message History: None.