Vulnerabilities > CVE-2012-4817 - Unspecified vulnerability in IBM AIX and Vios

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
ibm
nessus
NVD
Published: 2012-09-14
Updated: 2021-08-31

Summary

The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Ibm
17
OS
Ibm
3

Nessus

NASL familyAIX Local Security Checks
NASL idAIX_IV26436.NASL
descriptionGID in NFSv4 is loosely enforced.
last seen2020-06-01
modified2020-06-02
plugin id63735
published2013-01-24
reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/63735
titleAIX 7.1 TL 0 : nfsv4 (IV26436)

Seebug

bulletinFamilyexploit
descriptionBugtraq ID:55546 CVE ID:CVE-2012-4817 IBM AIX是一款商业性质的操作系统。 IBM AIX NFS客户端实现不正确处理GID值,远程攻击者可以利用漏洞使NFS服务不稳定。 0 IBM Aix 7.1.1 IBM Aix 7.1 IBM Aix 6.1.7 IBM Aix 6.1.6 IBM AIX 6.1.5 IBM AIX 6.1.4 IBM AIX 6.1.3 IBM AIX 6.1.2 IBM AIX 6.1.1 IBM AIX 5.3.10 IBM AIX 5.3.9 IBM AIX 5.3.8 IBM AIX 5.3.7 IBM AIX 5.3 L IBM AIX 7.1 IBM AIX 6.1 IBM AIX 5.3.12 IBM AIX 5.3.11 IBM AIX 5.3 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息: http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc
idSSV:60391
last seen2017-11-19
modified2012-09-18
published2012-09-18
reporterRoot
titleIBM AIX NFSv4 GID远程拒绝服务漏洞

References