Vulnerabilities > CVE-2012-2192 - Resource Management Errors vulnerability in IBM AIX and Vios
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 | |
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family AIX Local Security Checks NASL id AIX_IV19178.NASL description When socketpair calls are used on the system we could see a crash in socket code path due to the fact that one of the socket is in the free list. last seen 2020-06-01 modified 2020-06-02 plugin id 63716 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63716 title AIX 5.3 TL 12 : socket (IV19178) NASL family AIX Local Security Checks NASL id AIX_IV21235.NASL description When socketpair calls are used on the system we could see a crash in socket code path due to the fact that one of the socket is in the free list. last seen 2020-06-01 modified 2020-06-02 plugin id 63719 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63719 title AIX 7.1 TL 1 : socket (IV21235) NASL family AIX Local Security Checks NASL id AIX_IV21131.NASL description When socketpair calls are used on the system we could see a crash in socket code path due to the fact that one of the socket is in the free list. last seen 2020-06-01 modified 2020-06-02 plugin id 63718 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63718 title AIX 7.1 TL 0 : socket (IV21131) NASL family AIX Local Security Checks NASL id AIX_IV21128.NASL description When socketpair calls are used on the system we could see a crash in socket code path due to the fact that one of the socket is in the free list. last seen 2020-06-01 modified 2020-06-02 plugin id 63717 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63717 title AIX 6.1 TL 7 : socket (IV21128) NASL family AIX Local Security Checks NASL id AIX_IV16603.NASL description When socketpair calls are used on the system we could see a crash in socket code path due to the fact that one of the socket is in the free list. last seen 2020-06-01 modified 2020-06-02 plugin id 63709 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63709 title AIX 6.1 TL 6 : socket (IV16603)
References
- http://www.ibm.com/support/docview.wss?uid=isg1IV21131
- http://aix.software.ibm.com/aix/efixes/security/socket_advisory.asc
- http://www.ibm.com/support/docview.wss?uid=isg1IV19178
- http://www.ibm.com/support/docview.wss?uid=isg1IV16603
- http://www.ibm.com/support/docview.wss?uid=isg1IV21235
- http://www.ibm.com/support/docview.wss?uid=isg1IV21128
- http://www.securityfocus.com/bid/53567
- http://www.securitytracker.com/id?1027126
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76032