Hey yall! Although I've followed it for years, this is my frist time posting to the list, so bear please with me if I start to ramble or don't follow protocol.
My friend sent this to me and I don't know where she got it, but I run AIX 5.2 and would love to know more about this. Has anyone heard anything? It says IBM disclosed the info, but I can't find usable stuff anywhere. Thanks! -Sherri --- Crystal Mensy <[EMAIL PROTECTED]> wrote: > Date: 01 Oct 2003 07:47:12 -0700 (PDT) > From: Crystal Mensy <[EMAIL PROTECTED]> > Subject: IBM AIX GetIPNodeByName API Socket Management Vulnerability > To: Sherri Emerson <[EMAIL PROTECTED]> > > Hey Bebe!! :> I was wondering if this would be > handy to ya or not? > > ----<snip>---- > Security Alert > Subject: IBM AIX GetIPNodeByName API Socket Management Vulnerability > BUGTRAQ ID: 8738 CVE ID: CVE-MAP-NOMATCH > Published: 2003-10-01 Updated: 2003-10-01 09:45:36 GMT > > Vulnerable Systems: > IBM AIX 5.2 > IBM AIX 5.1 > > Short Summary: > IBM AIX vulnerable to an issue in socket management > that may allow an attacker to deny service ot to > crash some applications. > Impact: It is possible to deny service to legitimate > users of a program on a vulnerable system. > > Technical Description: > AIX is the UNIX operating system distributed and > maintained by IBM. A problem has been reported in > the socket handling of IBM AIX. Because of this, an > attacker may be able to crash an application on a > vulnerable system. > > The problem is in the management of sockets that > use the GetIPNodeByName function. Under some > circumstances, this function does not properly close > sockets during operation. This may allow an attacker > to open a large amount of sockets in services using > the function, resulting in a denial of service. > > Solutions: > Currently we are not aware of any vendor-supplied > patches for this issue. If you feel we are in error > or are aware of more recent information, please mail > us at: [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]>. > Credit: > Vulnerability disclosed by IBM. > References: > web page: > AIX Hopepage (IBM) > http://www-1.ibm.com/servers/aix/ > > > Change Log: > Oct 01, 2003 Initial analysis. > > __________________________________ > Do you Yahoo!? > The New Yahoo! Shopping - with improved product > search > http://shopping.yahoo.com __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
