[VIM] slew of AIX APARs of interest (batch 4)

security curmudgeon jericho at attrition.org
Tue Mar 25 09:21:36 UTC 2008



While frolicking through the IBM APAR slag, I ran across a lot of entries 
that may be vulnerabilities and worthy of inclusion in VDBs. Due to the 
details being a bit vague, i'm not entirely sure which are 
vulnerabilities, which can be abused from user land privileges, etc. So, 
here they are for consideration and discussion. I'm including the URL, 
date reported and OSVDB-ish titles.

IBM AIX LDAP Username Echo
2007-06-09
http://www-1.ibm.com/support/docview.wss?uid=isg1IY99820

IBM AIX devices.chrp.IBM.lhea.rte Kernel Timer
2007-06-15
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00207

IBM AIX NAMEDSHLIB Export
2007-06-19
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00435
http://www-1.ibm.com/support/docview.wss?uid=isg1IY97325

IBM AIX bos.net.nfs.client Recursive Referral DoS
2007-06-20
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00508

IBM AIX ktimer_delete Double-free
2007-06-21
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00541

IBM AIX bos.rte.tty TTY Debug CDT Reallocation
2007-06-21
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00544

IBM AIX devices.pci.14108c00.rte
2007-06-25
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00682

IBM AIX chpasswd non-DES Hashing
2007-06-26
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ00748



More information about the VIM mailing list