AIX 5.3 TL 12 : bos.net.tcp.client (U846347)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote AIX host is missing a vendor-supplied security patch.

Description :

The remote host is missing AIX PTF U846347, which is related to the
security of the package bos.net.tcp.client.

A vulnerability allows remote attackers to (1) register or (2)
unregister RPC services, and consequently cause a denial of service or
obtain sensitive information from interprocess communication, via
crafted UDP packets containing service commands.

Note: The ifix provided also contains the fix for CVE-2012-0194 and
CVE-2011-1385 since they affect the same fileset.

See the following advisories:
CVE-2012-0194: http://aix.software.ibm.com/aix/efixes/security/large_send_advisory.asc
CVE-2011-1385: http://aix.software.ibm.com/aix/efixes/security/icmp_advisory.asc

See also :

http://www-01.ibm.com/support/docview.wss?uid=isg1IV17941
http://www-01.ibm.com/support/docview.wss?uid=isg1IV13827

Solution :

Install the appropriate missing security-related fix.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

Family: AIX Local Security Checks

Nessus Plugin ID: 72842

Bugtraq ID:

CVE ID: CVE-2012-0194