Re: [Full-Disclosure] FW: IBM AIX GetIPNodeByName API Socket Management Vulnerability

From: Shiva Persaud (shivapd_at_us.ibm.com)
Date: 10/02/03

  • Next message: Keith Stevenson: "Re: [Full-Disclosure] FW: IBM AIX GetIPNodeByName API Socket Management Vulnerability" 
    To: Sherri Emerson <semerson1978@yahoo.com>
Date: Thu, 2 Oct 2003 15:47:40 -0500

    From the IBM AIX advisory:

    A. Official Fix
    IBM provides the following fixes:

         APAR number for AIX 5.1.0:  IY46273 (available)
    AIX 5.2.0:  IY46024 (available)

    Shiva Persaud
    AIX Security Developer
    shivapd@us.ibm.com

    |---------+-------------------------------------->
    | | Sherri Emerson |
    | | <semerson1978@yahoo.com> |
    | | Sent by: |
    | | full-disclosure-admin@lists|
    | | .netsys.com |
    | | |
    | | |
    | | 10/02/2003 02:56 PM |
    | | |
    |---------+-------------------------------------->
    >------------------------------------------------------------------------------------------------------------------------------|
      | |
      | To: full-disclosure@lists.netsys.com |
      | cc: |
      | Subject: [Full-Disclosure] FW: IBM AIX GetIPNodeByName API Socket Management Vulnerability |
      | |
    >------------------------------------------------------------------------------------------------------------------------------|

     Hey yall! Although I've followed it for years, this
    is my frist time posting to the list, so bear please
    with me if I start to ramble or don't follow protocol.

     My friend sent this to me and I don't know where she
    got it, but I run AIX 5.2 and would love to know more
    about this. Has anyone heard anything? It says IBM
    disclosed the info, but I can't find usable stuff
    anywhere.

     Thanks!

     -Sherri

    --- Crystal Mensy <crystal082k4@yahoo.com> wrote:
    > Date: 01 Oct 2003 07:47:12 -0700 (PDT)
    > From: Crystal Mensy <crytal082k4@yahoo.com>
    > Subject: IBM AIX GetIPNodeByName API Socket
    Management Vulnerability
    > To: Sherri Emerson <semerson1978@yahoo.com>
    >
    > Hey Bebe!! :> I was wondering if this would be
    > handy to ya or not?
    >
    > ----<snip>----
    > Security Alert
    > Subject: IBM AIX GetIPNodeByName API Socket
    Management Vulnerability
    > BUGTRAQ ID: 8738 CVE ID: CVE-MAP-NOMATCH
    > Published: 2003-10-01 Updated: 2003-10-01 09:45:36
    GMT
    >
    > Vulnerable Systems:
    > IBM AIX 5.2
    > IBM AIX 5.1
    >
    > Short Summary:
    > IBM AIX vulnerable to an issue in socket management
    > that may allow an attacker to deny service ot to
    > crash some applications.
    > Impact: It is possible to deny service to legitimate

    > users of a program on a vulnerable system.
    >
    > Technical Description:
    > AIX is the UNIX operating system distributed and
    > maintained by IBM. A problem has been reported in
    > the socket handling of IBM AIX. Because of this, an
    > attacker may be able to crash an application on a
    > vulnerable system.
    >
    > The problem is in the management of sockets that
    > use the GetIPNodeByName function. Under some
    > circumstances, this function does not properly close
    > sockets during operation. This may allow an attacker

    > to open a large amount of sockets in services using
    > the function, resulting in a denial of service.
    >
    > Solutions:
    > Currently we are not aware of any vendor-supplied
    > patches for this issue. If you feel we are in error
    > or are aware of more recent information, please mail
    > us at: vulndb@securityfocus.com
    > <mailto:vulndb@securityfocus.com>.
    > Credit:
    > Vulnerability disclosed by IBM.
    > References:
    > web page:
    > AIX Hopepage (IBM)
    > http://www-1.ibm.com/servers/aix/
    >
    >
    > Change Log:
    > Oct 01, 2003 Initial analysis.
    >
    > __________________________________
    > Do you Yahoo!?
    > The New Yahoo! Shopping - with improved product
    > search
    > http://shopping.yahoo.com

    __________________________________
    Do you Yahoo!?
    The New Yahoo! Shopping - with improved product search
    http://shopping.yahoo.com

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Keith Stevenson: "Re: [Full-Disclosure] FW: IBM AIX GetIPNodeByName API Socket Management Vulnerability"

    Relevant Pages

    • [UNIX] IBM AIX Multiple Vulnerabilities
      ... Multiple vulnerabilities have been discovered in IBM AIX. ... IBM AIX ftp domacro Parameter Buffer Overflow Vulnerability ... IBM AIX bellmail Stack Buffer Overflow Vulnerability ...
      (Securiteam)
    • Re: New AIX user from Solaris background
      ... Is there a good simple reference to volume management on AIX? ... I saw a post on this group for 2 drawers of SSA disk for $50 must be picked ... IBM Documentation Center ...
      (comp.unix.aix)
    • Re: GNU rant
      ... If you download Sources, you have to already have a compiler... ... AIX freeware site. ... Often these are old versions (of which IBM certainly used to be the ... The only place to get openssh from is Darren Tucker's ...
      (comp.unix.aix)
    • Re: IBM extends support for AIX 5.1.
      ... I don't totally agree (not with you, but rather your customers ... IBM got the word out long ago about their direction on ... AIX Administrator, Komatsu America ... is because they are withdrawing support of 4.3.3. ...
      (AIX-L)
    • Re: IBM extends support for AIX 5.1.
      ... any RS/6000 machine and that was a selling feature for IBM. ... the support deadline. ... AIX Administrator, Komatsu America ... that there are some fairly recent machines that will not run 5.2. ...
      (AIX-L)