AIX: denial of service via dupmsg
Synthesis of the vulnerability
A local attacker can use the dupmsg() system call, in order to stop the kernel.Impacted products:
BID-54706, CERTA-2012-AVI-410, CVE-2012-0723, IV22693, IV22694, IV22695, IV22696, IV22697, VIGILANCE-VUL-11800.
Description of the vulnerability
The AIX kernel supports STREAMS, which are used by drivers to transfer data.
The dupmsg() system call duplicates a STREAMS message, by calling dupb() to duplicate each block. However, dupmsg() does not check if its parameter is a valid message. The dupb() function is then called with an invalid memory address, which stops the kernel.
Moreover, this system call should only be reserved for drivers, and should not be available for user mode applications.
A local attacker can therefore use the dupmsg() system call, in order to stop the kernel.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides computer vulnerability bulletins
. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system.