Vulnerabilities > CVE-2012-0194 - Denial of Service vulnerability in IBM AIX 5.3/6.1/7.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets.
Nessus
NASL family AIX Local Security Checks NASL id AIX_U849877.NASL description The remote host is missing AIX PTF U849877, which is related to the security of the package bos.net.tcp.client. AIX could allow a remote attacker to cause a denial of service, caused by an error when the TCP large send offload option is enabled on a network interface. By sending a specially crafted sequence of packets, an attacker could exploit this vulnerability to cause a kernel panic. last seen 2020-06-01 modified 2020-06-02 plugin id 72848 published 2014-03-06 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72848 title AIX 6.1 TL 6 : bos.net.tcp.client (U849877) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were extracted # from AIX Security PTF U849877. The text itself is copyright (C) # International Business Machines Corp. # include("compat.inc"); if (description) { script_id(72848); script_version("1.3"); script_cvs_date("Date: 2019/09/16 14:13:08"); script_cve_id("CVE-2012-0194"); script_name(english:"AIX 6.1 TL 6 : bos.net.tcp.client (U849877)"); script_summary(english:"Check for PTF U849877"); script_set_attribute( attribute:"synopsis", value:"The remote AIX host is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "The remote host is missing AIX PTF U849877, which is related to the security of the package bos.net.tcp.client. AIX could allow a remote attacker to cause a denial of service, caused by an error when the TCP large send offload option is enabled on a network interface. By sending a specially crafted sequence of packets, an attacker could exploit this vulnerability to cause a kernel panic." ); script_set_attribute( attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IV13820" ); script_set_attribute( attribute:"solution", value:"Install the appropriate missing security-related fix." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:6.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/23"); script_set_attribute(attribute:"patch_publication_date", value:"2012/01/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("aix.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( aix_check_patch(ml:"610006", patch:"U849877", package:"bos.net.tcp.client.6.1.6.18") < 0 ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family AIX Local Security Checks NASL id AIX_IV13827.NASL description There is an error in the handling of a particular ICMP packet in which a remote user can cause a denial of service. Note: The ifixes provided also contain the fix for CVE-2012-0194 since they affect the same fileset. See the following for CVE-2012-0194: http://aix.software.ibm.com/aix/efixes/security/large_send_a dvisory.asc. last seen 2017-10-29 modified 2014-03-11 plugin id 63708 published 2013-01-24 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=63708 title AIX 5.3 TL 12 : icmp (IV13827) NASL family AIX Local Security Checks NASL id AIX_IV13820.NASL description There is an error in the handling of a particular ICMP packet in which a remote user can cause a denial of service. Note: The ifixes provided also contain the fix for CVE-2012-0194 since they affect the same fileset. See the following for CVE-2012-0194: http://aix.software.ibm.com/aix/efixes/security/large_send_a dvisory.asc. last seen 2017-10-29 modified 2014-03-11 plugin id 64301 published 2013-01-30 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=64301 title AIX 6.1 TL 6 : icmp (IV13820) NASL family AIX Local Security Checks NASL id AIX_IV13751.NASL description There is an error in the handling of a particular ICMP packet in which a remote user can cause a denial of service. Note: The ifixes provided also contain the fix for CVE-2012-0194 since they affect the same fileset. See the following for CVE-2012-0194: http://aix.software.ibm.com/aix/efixes/security/large_send_a dvisory.asc. last seen 2017-10-29 modified 2014-03-11 plugin id 64300 published 2013-01-30 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=64300 title AIX 6.1 TL 5 : icmp (IV13751) NASL family AIX Local Security Checks NASL id AIX_U849815.NASL description The remote host is missing AIX PTF U849815, which is related to the security of the package bos.net.tcp.client. AIX could allow a remote attacker to cause a denial of service, caused by an error when the TCP large send offload option is enabled on a network interface. By sending a specially crafted sequence of packets, an attacker could exploit this vulnerability to cause a kernel panic. last seen 2020-06-01 modified 2020-06-02 plugin id 72847 published 2014-03-06 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72847 title AIX 6.1 TL 5 : bos.net.tcp.client (U849815) NASL family AIX Local Security Checks NASL id AIX_IV14211.NASL description AIX could allow a remote attacker to cause a denial of service, caused by an error when the TCP large send offload option is enabled on a network interface. By sending a specially crafted sequence of packets, an attacker could exploit this vulnerability to cause a kernel panic. last seen 2017-10-29 modified 2014-08-15 plugin id 64304 published 2013-01-30 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=64304 title AIX 7.1 TL 1 : large_send (IV14211) NASL family AIX Local Security Checks NASL id AIX_U848193.NASL description The remote host is missing AIX PTF U848193, which is related to the security of the package bos.net.tcp.client. AIX could allow a remote attacker to cause a denial of service, caused by an error when the TCP large send offload option is enabled on a network interface. By sending a specially crafted sequence of packets, an attacker could exploit this vulnerability to cause a kernel panic. last seen 2020-06-01 modified 2020-06-02 plugin id 72844 published 2014-03-06 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72844 title AIX 6.1 TL 7 : bos.net.tcp.client (U848193) NASL family AIX Local Security Checks NASL id AIX_IV14209.NASL description AIX could allow a remote attacker to cause a denial of service, caused by an error when the TCP large send offload option is enabled on a network interface. By sending a specially crafted sequence of packets, an attacker could exploit this vulnerability to cause a kernel panic. last seen 2017-10-29 modified 2014-08-15 plugin id 64302 published 2013-01-30 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=64302 title AIX 6.1 TL 7 : large_send (IV14209) NASL family AIX Local Security Checks NASL id AIX_U849490.NASL description The remote host is missing AIX PTF U849490, which is related to the security of the package bos.net.tcp.client. AIX could allow a remote attacker to cause a denial of service, caused by an error when the TCP large send offload option is enabled on a network interface. By sending a specially crafted sequence of packets, an attacker could exploit this vulnerability to cause a kernel panic. last seen 2020-06-01 modified 2020-06-02 plugin id 72846 published 2014-03-06 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72846 title AIX 7.1 TL 1 : bos.net.tcp.client (U849490) NASL family AIX Local Security Checks NASL id AIX_IV14210.NASL description There is an error in the handling of a particular ICMP packet in which a remote user can cause a denial of service. Note: The ifixes provided also contain the fix for CVE-2012-0194 since they affect the same fileset. See the following for CVE-2012-0194: http://aix.software.ibm.com/aix/efixes/security/large_send_a dvisory.asc. last seen 2017-10-29 modified 2014-03-11 plugin id 64303 published 2013-01-30 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=64303 title AIX 7.1 TL 0 : icmp (IV14210) NASL family AIX Local Security Checks NASL id AIX_U846347.NASL description The remote host is missing AIX PTF U846347, which is related to the security of the package bos.net.tcp.client. Vulnerability which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands. Note: The ifix provided also contains the fix for CVE-2012-0194 and CVE-2011-1385 since they affect the same fileset. See the following for CVE-2012-0194: http://aix.software.ibm.com/aix/efixes/security/large_send_a dvisory.asc CVE-2011-1385: http://aix.software.ibm.com/aix/efixes/security/icmp_advisor y.asc. last seen 2020-06-01 modified 2020-06-02 plugin id 72842 published 2014-03-06 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72842 title AIX 5.3 TL 12 : bos.net.tcp.client (U846347) NASL family AIX Local Security Checks NASL id AIX_U848205.NASL description The remote host is missing AIX PTF U848205, which is related to the security of the package bos.net.tcp.client. AIX could allow a remote attacker to cause a denial of service, caused by an error when the TCP large send offload option is enabled on a network interface. By sending a specially crafted sequence of packets, an attacker could exploit this vulnerability to cause a kernel panic. last seen 2020-06-01 modified 2020-06-02 plugin id 72845 published 2014-03-06 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72845 title AIX 7.1 : bos.net.tcp.client (U848205) NASL family AIX Local Security Checks NASL id AIX_U841068.NASL description The remote host is missing AIX PTF U841068, which is related to the security of the package bos.net.tcp.client. AIX could allow a remote attacker to cause a denial of service, caused by an error when the TCP large send offload option is enabled on a network interface. By sending a specially crafted sequence of packets, an attacker could exploit this vulnerability to cause a kernel panic. last seen 2020-06-01 modified 2020-06-02 plugin id 72839 published 2014-03-06 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72839 title AIX 6.1 TL 7 : bos.net.tcp.client (U841068) NASL family AIX Local Security Checks NASL id AIX_U843468.NASL description The remote host is missing AIX PTF U843468, which is related to the security of the package bos.net.tcp.client. AIX could allow a remote attacker to cause a denial of service, caused by an error when the TCP large send offload option is enabled on a network interface. By sending a specially crafted sequence of packets, an attacker could exploit this vulnerability to cause a kernel panic. last seen 2020-06-01 modified 2020-06-02 plugin id 72840 published 2014-03-06 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72840 title AIX 7.1 TL 1 : bos.net.tcp.client (U843468)
Seebug
| bulletinFamily | exploit |
| description | Bugtraq ID: 51864 CVE ID:CVE-2012-0194 IBM AIX是一款商业性质的操作系统 当在IBM AIX网络接口上启用TCP "Large Send Offload"选项时才能在一个错误,AIX允许远程攻击者对系统进行拒绝服务攻击。通过发送特殊构建的报文序列,攻击者可以利用此漏洞触发内核崩溃 0 IBM AIX 7.1 IBM AIX 6.1 IBM AIX 5.3 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息 http://aix.software.ibm.com/aix/efixes/security/large_send_advisory.asc |
| id | SSV:30090 |
| last seen | 2017-11-19 |
| modified | 2012-02-06 |
| published | 2012-02-06 |
| reporter | Root |
| title | IBM AIX TCP栈拒绝服务漏洞 |
References
- http://aix.software.ibm.com/aix/efixes/security/large_send_advisory.asc
- http://secunia.com/advisories/47865
- http://securitytracker.com/id?1026640
- http://www.ibm.com/support/docview.wss?uid=isg1IV13751
- http://www.ibm.com/support/docview.wss?uid=isg1IV13820
- http://www.ibm.com/support/docview.wss?uid=isg1IV13827
- http://www.ibm.com/support/docview.wss?uid=isg1IV14209
- http://www.ibm.com/support/docview.wss?uid=isg1IV14210
- http://www.ibm.com/support/docview.wss?uid=isg1IV14211
- http://www.securityfocus.com/bid/51864
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72562