lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20031002170232.A4042@osaka.louisville.edu>
From: keith.stevenson at louisville.edu (Keith Stevenson)
Subject: FW: IBM AIX GetIPNodeByName API Socket Management Vulnerability

On Thu, Oct 02, 2003 at 12:56:18PM -0700, Sherri Emerson wrote:
>  Hey yall! Although I've followed it for years, this
> is my frist time posting to the list, so bear please
> with me if I start to ramble or don't follow protocol.
> 
>  My friend sent this to me and I don't know where she
> got it, but I run AIX 5.2 and would love to know more
> about this. Has anyone heard anything? It says IBM
> disclosed the info, but I can't find usable stuff
> anywhere.
> 

Not only is it official, there is an APAR available from IBM to address the
issue:

AIX 4.3.3 - Not vulnerable
AIX 5.1   - APAR IY46273
AIX 5.2   - APAR IY46024

APARs are available from: https://techsupport.services.ibm.com/server/aix.fdc

IBM's analysis states that the impact is limited to denial of service
attacks against applications that use the getipnodebyname() call.

Regards,
--Keith Stevenson--

-- 
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
keith.stevenson@...isville.edu
GPG key fingerprint =  332D 97F0 6321 F00F 8EE7  2D44 00D8 F384 75BB 89AE


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ