| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: keith.stevenson at louisville.edu (Keith Stevenson) Subject: FW: IBM AIX GetIPNodeByName API Socket Management Vulnerability On Thu, Oct 02, 2003 at 12:56:18PM -0700, Sherri Emerson wrote: > Hey yall! Although I've followed it for years, this > is my frist time posting to the list, so bear please > with me if I start to ramble or don't follow protocol. > > My friend sent this to me and I don't know where she > got it, but I run AIX 5.2 and would love to know more > about this. Has anyone heard anything? It says IBM > disclosed the info, but I can't find usable stuff > anywhere. > Not only is it official, there is an APAR available from IBM to address the issue: AIX 4.3.3 - Not vulnerable AIX 5.1 - APAR IY46273 AIX 5.2 - APAR IY46024 APARs are available from: https://techsupport.services.ibm.com/server/aix.fdc IBM's analysis states that the impact is limited to denial of service attacks against applications that use the getipnodebyname() call. Regards, --Keith Stevenson-- -- Keith Stevenson System Programmer - Data Center Services - University of Louisville keith.stevenson@...isville.edu GPG key fingerprint = 332D 97F0 6321 F00F 8EE7 2D44 00D8 F384 75BB 89AE
Powered by blists - more mailing lists