Vigil@nce - AIX 6, AIX 7: two vulnerabilities
December 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
Two vulnerabilities have been announced in AIX.
Impacted products: AIX
Severity: 2/4
Creation date: 13/12/2012
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities have been announced in AIX.
An attacker can trigger a symbol resolution from a shared symbol
table for 64 bits program, in order to crash the system.
[severity:2/4]
IOCP is a feature from AIX that allow applications to use
asynchronous input/output. An attacker can manage a connection
while using IOCP, in order to crash the system. One of the
requirements is that the application must close the connection
while the system is receiving data. [severity:2/4]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/AIX-6-AIX-7-two-vulnerabilities-12231