Vulnerabilities > CVE-2010-1124 - Remote Denial of Service vulnerability in IBM AIX 'getaddrinfo()'
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading a certain address field after a successful getaddrinfo function call, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors, as demonstrated by IBM DB2 crashes on "systems with databases cataloged with alternate servers using IP addresses."
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 38964 CVE ID: CVE-2010-1124 IBM AIX是一款商业性质的UNIX操作系统。 IBM AIX在执行getaddrinfo调用后bos.rte.libc不支持读取某些地址字段,用户受骗访问了恶意服务器IP地址就会导致拒绝服务。 IBM AIX 5.3 厂商补丁: IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www-01.ibm.com/support/docview.wss?uid=isg1IZ66710 |
| id | SSV:19360 |
| last seen | 2017-11-19 |
| modified | 2010-03-30 |
| published | 2010-03-30 |
| reporter | Root |
| title | IBM AIX 5.3 getaddrinfo()函数远程拒绝服务漏洞 |