AIX 5.3 TL 12 : bos.net.tcp.client (U846347)

High Nessus Plugin ID 72842

Synopsis

The remote AIX host is missing a vendor-supplied security patch.

Description

The remote host is missing AIX PTF U846347, which is related to the security of the package bos.net.tcp.client.

A vulnerability allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands.

Note: The ifix provided also contains the fix for CVE-2012-0194 and CVE-2011-1385 since they affect the same fileset.

See the following for CVE-2012-0194:
http://aix.software.ibm.com/aix/efixes/security/large_send_advisory.asc

And for CVE-2011-1385:
http://aix.software.ibm.com/aix/efixes/security/icmp_advisory.asc

Solution

Install the appropriate missing security-related fix.

See Also

http://www-01.ibm.com/support/docview.wss?uid=isg1IV17941

http://www-01.ibm.com/support/docview.wss?uid=isg1IV13827

Plugin Details

Severity: High

ID: 72842

File Name: aix_U846347.nasl

Version: $Revision: 1.1 $

Type: local

Published: 2014/03/06

Modified: 2014/03/06

Dependencies: 12634

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:ibm:aix:5.3

Required KB Items: Host/local_checks_enabled, Host/AIX/oslevel, Host/AIX/version, Host/AIX/lslpp

Patch Publication Date: 2012/01/23

Vulnerability Publication Date: 2012/01/23

Reference Information

CVE: CVE-2012-0194