[VIM] slew of AIX APARs of interest

security curmudgeon jericho at attrition.org
Tue Mar 25 07:04:00 UTC 2008


While frolicking through the IBM APAR slag, I ran across a lot of entries 
that may be vulnerabilities and worthy of inclusion in VDBs. Due to the 
details being a bit vague, i'm not entirely sure which are 
vulnerabilities, which can be abused from user land privileges, etc. So, 
here they are for consideration and discussion. I'm including the URL, 
date reported and OSVDB-ish titles.

IBM AIX NIS User Password Expiration Telnet Bypass
2007-03-07
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95721

IBM AIX tcp_tcpsecure
2007-03-10
http://www-1.ibm.com/support/docview.wss?uid=isg1IY95881

IBM AIX sisraidmgr / sissasraidmgr Local Overflow
2007-03-16
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96184

IBM AIX lsvirprt Local Overflow
2007-03-20
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96274

IBM AIX isakmpd INITIAL_CONTACT Message Remote DoS
2007-03-29
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96709

IBM AIX bos.net.tcp.server
2007-04-09
http://www-1.ibm.com/support/docview.wss?uid=isg1IY97150

IBM AIX bos.net.nfs.client
2007-04-01
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96834

IBM AIX WLM Class kprocs Association Persistence
2007-04-13
http://www-1.ibm.com/support/docview.wss?uid=isg1IY97359

IBM AIX WLM Class rset Update kprocs Race Condition
2007-04-13
http://www-1.ibm.com/support/docview.wss?uid=isg1IY97360
http://www-1.ibm.com/support/docview.wss?uid=isg1IY97251

IBM AIX devices.common.IBM.ib.rte
2007-04-20
http://www-1.ibm.com/support/docview.wss?uid=isg1IY97679

IBM AIX J2 Log Sync List Corruption
2007-04-21
http://www-1.ibm.com/support/docview.wss?uid=isg1IY97708

IBM AIX Lock Instrumentation DoS
2007-04-24
http://www-1.ibm.com/support/docview.wss?uid=isg1IY97812




More information about the VIM mailing list