Vulnerabilities > CVE-2014-0930 - Unspecified vulnerability in IBM AIX and Vios

CVSS 4.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

local

ibm

nessus

NVD

Published: 2014-05-08

Updated: 2021-08-31

Summary

The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Vios 2.2.0.10 IBM Vios 2.2.0.11 IBM Vios 2.2.1.0 IBM Vios 2.2.1.1 IBM Vios 2.2.0.12 IBM Vios 2.2.0.13 IBM Vios 2.2.2.0 IBM Vios 2.2.3.0 IBM Vios 2.2.1.3 IBM Vios 2.2.1.4	10
OS	Ibm IBM AIX 7.1 IBM AIX 6.1 IBM AIX 5.3	3

Nessus

NASL family	AIX Local Security Checks
NASL id	AIX_U861815.NASL
description	The remote host is missing AIX PTF U861815, which is related to the security of the package bos.mp64. IBM AIX is vulnerable to a denial of service, caused by an error in the ptrace() function. A local attacker could exploit this vulnerability to cause a system crash.
last seen	2020-06-01
modified	2020-06-02
plugin id	77381
published	2014-08-26
reporter	This script is Copyright (C) 2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/77381
title	AIX 7.1 TL 1 : bos.mp64 (U861815)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were extracted # from AIX Security PTF U861815. The text itself is copyright (C) # International Business Machines Corp. # include("compat.inc"); if (description) { script_id(77381); script_version("$Revision: 1.1 $"); script_cvs_date("$Date: 2014/08/26 14:32:55 $"); script_cve_id("CVE-2014-0930"); script_name(english:"AIX 7.1 TL 1 : bos.mp64 (U861815)"); script_summary(english:"Check for PTF U861815"); script_set_attribute( attribute:"synopsis", value:"The remote AIX host is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "The remote host is missing AIX PTF U861815, which is related to the security of the package bos.mp64. IBM AIX is vulnerable to a denial of service, caused by an error in the ptrace() function. A local attacker could exploit this vulnerability to cause a system crash." ); script_set_attribute( attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IV58888" ); script_set_attribute( attribute:"solution", value:"Install the appropriate missing security-related fix." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/07"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("aix.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( aix_check_patch(ml:"710001", patch:"U861815", package:"bos.mp64.7.1.1.21") < 0 ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	AIX Local Security Checks
NASL id	AIX_U858978.NASL
description	The remote host is missing AIX PTF U858978, which is related to the security of the package bos.mp64.
last seen	2020-06-01
modified	2020-06-02
plugin id	74271
published	2014-06-03
reporter	This script is Copyright (C) 2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/74271
title	AIX 7.1 TL 3 : bos.mp64 (U858978)

NASL family	AIX Local Security Checks
NASL id	AIX_IV59675.NASL
description	IBM AIX is vulnerable to a denial of service, caused by an error in the ptrace() function. A local attacker could exploit this vulnerability to cause a system crash.
last seen	2020-06-01
modified	2020-06-02
plugin id	73843
published	2014-05-03
reporter	This script is Copyright (C) 2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73843
title	AIX 5.3 TL 12 : ptrace (IV59675)

NASL family	AIX Local Security Checks
NASL id	AIX_U859304.NASL
description	The remote host is missing AIX PTF U859304, which is related to the security of the package bos.mp64.
last seen	2020-06-01
modified	2020-06-02
plugin id	74272
published	2014-06-03
reporter	This script is Copyright (C) 2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/74272
title	AIX 6.1 TL 9 : bos.mp64 (U859304)

NASL family	AIX Local Security Checks
NASL id	AIX_IV58888.NASL
description	IBM AIX is vulnerable to a denial of service, caused by an error in the ptrace() function. A local attacker could exploit this vulnerability to cause a system crash.
last seen	2020-06-01
modified	2020-06-02
plugin id	73838
published	2014-05-03
reporter	This script is Copyright (C) 2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73838
title	AIX 7.1 TL 1 : ptrace (IV58888)

NASL family	AIX Local Security Checks
NASL id	AIX_IV58948.NASL
description	IBM AIX is vulnerable to a denial of service, caused by an error in the ptrace() function. A local attacker could exploit this vulnerability to cause a system crash.
last seen	2020-06-01
modified	2020-06-02
plugin id	73839
published	2014-05-03
reporter	This script is Copyright (C) 2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73839
title	AIX 6.1 TL 8 : ptrace (IV58948)

NASL family	AIX Local Security Checks
NASL id	AIX_U861576.NASL
description	The remote host is missing AIX PTF U861576, which is related to the security of the package bos.mp64. IBM AIX is vulnerable to a denial of service, caused by an error in the ptrace() function. A local attacker could exploit this vulnerability to cause a system crash.
last seen	2020-06-01
modified	2020-06-02
plugin id	77412
published	2014-08-28
reporter	This script is Copyright (C) 2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/77412
title	AIX 6.1 TL 7 : bos.mp64 (U861576)

NASL family	AIX Local Security Checks
NASL id	AIX_IV59045.NASL
description	IBM AIX is vulnerable to a denial of service, caused by an error in the ptrace() function. A local attacker could exploit this vulnerability to cause a system crash.
last seen	2020-06-01
modified	2020-06-02
plugin id	73840
published	2014-05-03
reporter	This script is Copyright (C) 2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73840
title	AIX 6.1 TL 7 : ptrace (IV59045)

NASL family	AIX Local Security Checks
NASL id	AIX_U859634.NASL
description	The remote host is missing AIX PTF U859634, which is related to the security of the package bos.mp64. IBM AIX is vulnerable to a denial of service, caused by an error in the ptrace() function. A local attacker could exploit this vulnerability to cause a system crash.
last seen	2020-06-01
modified	2020-06-02
plugin id	77378
published	2014-08-26
reporter	This script is Copyright (C) 2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/77378
title	AIX 7.1 TL 2 : bos.mp64 (U859634)

NASL family	AIX Local Security Checks
NASL id	AIX_IV59607.NASL
description	IBM AIX is vulnerable to a denial of service, caused by an error in the ptrace() function. A local attacker could exploit this vulnerability to cause a system crash.
last seen	2020-06-01
modified	2020-06-02
plugin id	73841
published	2014-05-03
reporter	This script is Copyright (C) 2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73841
title	AIX 7.1 TL 3 : ptrace (IV59607)

NASL family	AIX Local Security Checks
NASL id	AIX_IV59615.NASL
description	IBM AIX is vulnerable to a denial of service, caused by an error in the ptrace() function. A local attacker could exploit this vulnerability to cause a system crash.
last seen	2020-06-01
modified	2020-06-02
plugin id	73842
published	2014-05-03
reporter	This script is Copyright (C) 2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73842
title	AIX 6.1 TL 9 : ptrace (IV59615)

NASL family	AIX Local Security Checks
NASL id	AIX_IV58861.NASL
description	IBM AIX is vulnerable to a denial of service, caused by an error in the ptrace() function. A local attacker could exploit this vulnerability to cause a system crash.
last seen	2020-06-01
modified	2020-06-02
plugin id	73837
published	2014-05-03
reporter	This script is Copyright (C) 2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73837
title	AIX 7.1 TL 2 : ptrace (IV58861)

NASL family	AIX Local Security Checks
NASL id	AIX_U862133.NASL
description	The remote host is missing AIX PTF U862133, which is related to the security of the package bos.mp64. IBM AIX is vulnerable to a denial of service, caused by an error in the ptrace() function. A local attacker could exploit this vulnerability to cause a system crash.
last seen	2020-06-01
modified	2020-06-02
plugin id	77413
published	2014-08-28
reporter	This script is Copyright (C) 2014 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/77413
title	AIX 6.1 TL 8 : bos.mp64 (U862133)

Summary

Vulnerable Configurations

Nessus

References