Info

Disclosure

May 01, 2001

Discovery

Unknown

Dates

Exploit

May 01, 2001

Solution

Unknown

Description

IBM AIX snmpd contains a flaw that may allow a remote denial of service. The issue is triggered when a TCP RST flag is sent to the snmpd service. Upon connection, the accept() call does not properly handle such a packet and crashes, resulting in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, IBM has released patch APAR IY17630 to address this vulnerability. It's available from the IBM Technical Support Web site.

Products

International Business Machines Corporation

AIX

4.3

References

CVE ID: 2001-0487 (see also: NVD)
ISS X-Force ID: 6996
Mail List Post: http://archives.neohapsis.com/archives/aix/2001-q2/0005.html
Vendor Specific Solution URL: http://service.software.ibm.com/rs6k/fixes.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/5611