Release date:
Updated on:
Affected Systems:
IBM AIX 7.x
IBM AIX 6.x
IBM AIX 5.x
IBM Virtual I/O Server (VIOS) 2.x
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 54706
CVE ID: CVE-2012-0723
AIX is an open-standards UNIX operating system that provides an enterprise information technology infrastructure. The Virtual I/O Server (VIOS) is managed through a command-line interface.
IBM AIX and Virtual I/O Server contain an error in the way the "dupmsg" kernel extension call is exported to user space. This is a local denial-of-service vulnerability: an attacker can exploit it to crash the affected computer.
<* Source: Jakub Wartak (jakub.wartak@gmail.com)
Link: http://secunia.com/advisories/50003/
http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
IBM has released a security bulletin (syscall_advisory) and corresponding patches for this issue:
syscall_advisory: Vulnerability in AIX system call
Link: http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc