You are here

U-111: IBM AIX ICMP Processing Flaw Lets Remote Users Deny Service

February 27, 2012 - 6:27am

Addthis

PROBLEM:

A vulnerability was reported in IBM AIX. A remote user can cause denial of service conditions.

PLATFORM:

version(s): 5.3, 6.1, and 7.1

ABSTRACT:

A remote user can send a specially crafted ICMP packet to cause the target service to crash.

reference LINKS:

Vendor Advisory
Security Tracker ID 1026742
CVE-2011-1385

IMPACT ASSESSMENT:

Medium

Discussion:

There is an error in the handling of a particular ICMP packet in which a remote user can cause a denial of service.

Impact:

Denial of service on AIX via network.

Solution:

The vendor has issued a fix.
5.3.12: APAR IV03369
6.1.5: APAR IV13672
6.1.6: APAR IV13554
6.1.7: APAR IV07188
7.1.0: APAR IV04695
7.1.1: APAR IV08255

The fixes can be downloaded via ftp from: aix.software.ibm.com/aix/efixes/security/icmp_fix.tar

Addthis