Vulnerability CVE-2014-0930
Published: 2014-05-08

Description:
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
IBM AIX Kernel Memory Leak / Denial Of Service
Tim Brown
07.05.2014

Type:

CWE-noinfo

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.7/10
6.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
IBM -> AIX 
IBM -> VIOS 

 References:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0930/
http://xforce.iss.net/xforce/xfdb/92262
http://www.ibm.com/support/docview.wss?uid=isg1IV59675
http://www.ibm.com/support/docview.wss?uid=isg1IV59045
http://www.ibm.com/support/docview.wss?uid=isg1IV58948
http://www.ibm.com/support/docview.wss?uid=isg1IV58888
http://www.ibm.com/support/docview.wss?uid=isg1IV58861
http://www.ibm.com/support/docview.wss?uid=isg1IV58840
http://www.ibm.com/support/docview.wss?uid=isg1IV58766
http://archives.neohapsis.com/archives/bugtraq/2014-05/0031.html
http://aix.software.ibm.com/aix/efixes/security/ptrace_advisory.asc
Copyright 2024, cxsecurity.com

 

Back to Top