CVE-2012-4817
https://notcve.org/view.php?id=CVE-2012-4817
The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors. La implementación del cliente NFSv4 en IBM AIX v5.3, v6.1, y v7.1, y VIOS anteriores a v2.2.1.4-FP-25 SP-02, no maneja valores GID de forma adecuada, lo que permite a atacantes remotos a provocar una denegación de servicio a través de vectores no especificados. • http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc http://osvdb.org/85427 http://secunia.com/advisories/50619 http://www.ibm.com/support/docview.wss?uid=isg1IV10327 http://www.ibm.com/support/docview.wss?uid=isg1IV11629 http://www.ibm.com/support/docview.wss?uid=isg1IV12169 http://www.ibm.com/support/docview.wss?uid=isg1IV17855 http://www.ibm.com/support/docview.wss? •
CVE-2012-0745
https://notcve.org/view.php?id=CVE-2012-0745
The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors. La función de getpwnam en IBM AIX v5.3, v6.1 y v7.1 y VIOS v2.1.0.10 hasta v2.2.1.3 no interactúa correctamente con el filtrado de usuarios extendido de LDAP, lo que permite a usuarios locales conseguir privilegios a través de vectores no especificados. • http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc http://osvdb.org/81683 http://secunia.com/advisories/49073 http://www.ibm.com/support/docview.wss?uid=isg1IV18464 http://www.ibm.com/support/docview.wss?uid=isg1IV18637 http://www.ibm.com/support/docview.wss?uid=isg1IV18638 http://www.ibm.com/support/docview.wss?uid=isg1IV19077 http://www.ibm.com/support/docview.wss? • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-1385
https://notcve.org/view.php?id=CVE-2011-1385
IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194. IBM AIX 5.3, 6.1, y 7.1, y VIOS 2.1.x y 2.2.x, permite a atacantes remotos provocar una denegación de servicio (caída del sistema) a través de un paquete Echo Reply ICMP que contenga 1 en el campo Identifier, una vulnerabilidad distinta a la CVE-2012-0194. • http://aix.software.ibm.com/aix/efixes/security/icmp_advisory.asc http://osvdb.org/79631 http://secunia.com/advisories/48149 http://www.ibm.com/support/docview.wss?uid=isg1IV03369 http://www.ibm.com/support/docview.wss?uid=isg1IV04695 http://www.ibm.com/support/docview.wss?uid=isg1IV07188 http://www.ibm.com/support/docview.wss?uid=isg1IV08255 http://www.ibm.com/support/docview.wss? • CWE-399: Resource Management Errors •