| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: shivapd at us.ibm.com (Shiva Persaud) Subject: FW: IBM AIX GetIPNodeByName API Socket Management Vulnerability >From the IBM AIX advisory: A. Official Fix IBM provides the following fixes: ? ? ?APAR number for AIX 5.1.0: ?IY46273 (available).? ? ?APAR number for AIX 5.2.0: ?IY46024 (available) Shiva Persaud AIX Security Developer shivapd@...ibm.com |---------+--------------------------------------> | | Sherri Emerson | | | <semerson1978@...oo.com> | | | Sent by: | | | full-disclosure-admin@...ts| | | .netsys.com | | | | | | | | | 10/02/2003 02:56 PM | | | | |---------+--------------------------------------> >------------------------------------------------------------------------------------------------------------------------------| | | | To: full-disclosure@...ts.netsys.com | | cc: | | Subject: [Full-Disclosure] FW: IBM AIX GetIPNodeByName API Socket Management Vulnerability | | | >------------------------------------------------------------------------------------------------------------------------------| Hey yall! Although I've followed it for years, this is my frist time posting to the list, so bear please with me if I start to ramble or don't follow protocol. My friend sent this to me and I don't know where she got it, but I run AIX 5.2 and would love to know more about this. Has anyone heard anything? It says IBM disclosed the info, but I can't find usable stuff anywhere. Thanks! -Sherri --- Crystal Mensy <crystal082k4@...oo.com> wrote: > Date: 01 Oct 2003 07:47:12 -0700 (PDT) > From: Crystal Mensy <crytal082k4@...oo.com> > Subject: IBM AIX GetIPNodeByName API Socket Management Vulnerability > To: Sherri Emerson <semerson1978@...oo.com> > > Hey Bebe!! :> I was wondering if this would be > handy to ya or not? > > ----<snip>---- > Security Alert > Subject: IBM AIX GetIPNodeByName API Socket Management Vulnerability > BUGTRAQ ID: 8738 CVE ID: CVE-MAP-NOMATCH > Published: 2003-10-01 Updated: 2003-10-01 09:45:36 GMT > > Vulnerable Systems: > IBM AIX 5.2 > IBM AIX 5.1 > > Short Summary: > IBM AIX vulnerable to an issue in socket management > that may allow an attacker to deny service ot to > crash some applications. > Impact: It is possible to deny service to legitimate > users of a program on a vulnerable system. > > Technical Description: > AIX is the UNIX operating system distributed and > maintained by IBM. A problem has been reported in > the socket handling of IBM AIX. Because of this, an > attacker may be able to crash an application on a > vulnerable system. > > The problem is in the management of sockets that > use the GetIPNodeByName function. Under some > circumstances, this function does not properly close > sockets during operation. This may allow an attacker > to open a large amount of sockets in services using > the function, resulting in a denial of service. > > Solutions: > Currently we are not aware of any vendor-supplied > patches for this issue. If you feel we are in error > or are aware of more recent information, please mail > us at: vulndb@...urityfocus.com > <mailto:vulndb@...urityfocus.com>. > Credit: > Vulnerability disclosed by IBM. > References: > web page: > AIX Hopepage (IBM) > http://www-1.ibm.com/servers/aix/ > > > Change Log: > Oct 01, 2003 Initial analysis. > > __________________________________ > Do you Yahoo!? > The New Yahoo! Shopping - with improved product > search > http://shopping.yahoo.com __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists