CVE-2008-1594 - Denial-Of-Service vulnerability in IBM AIX 5.2/5.3/6.1

047910
CVSS 4.9 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE

Summary

The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.

Vulnerable Configurations

Part    Description    Count
OS      IBM            3

Oval

accepted: 2008-07-07T04:00:22.494-04:00
class: vulnerability
contributors:
  • name: Michael Wood
    organization: Hewlett-Packard
  • name: Michael Wood
    organization: Hewlett-Packard
definition_extensions:
  • comment: IBM AIX 5200-10 is installed
    oval: oval:org.mitre.oval:def:5076
  • comment: IBM AIX 5300-06 is installed
    oval: oval:org.mitre.oval:def:4813
  • comment: IBM AIX 5300-07 is installed
    oval: oval:org.mitre.oval:def:5707
description: The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.
family: unix
id: oval:org.mitre.oval:def:5434
status: accepted
submitted: 2008-04-18T15:10:44.000-05:00
title: IBM AIX Multiple Privilege Escalation and Security Bypass Vulnerabilities
version: 43