ID CVE-2008-1594
Summary The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.
References
Vulnerable Configurations
  • cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
  • cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
    cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 29-09-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
oval via4
accepted 2008-07-07T04:00:22.494-04:00
class vulnerability
contributors
  • name Michael Wood
    organization Hewlett-Packard
  • name Michael Wood
    organization Hewlett-Packard
definition_extensions
  • comment IBM AIX 5200-10 is installed
    oval oval:org.mitre.oval:def:5076
  • comment IBM AIX 5300-06 is installed
    oval oval:org.mitre.oval:def:4813
  • comment IBM AIX 5300-07 is installed
    oval oval:org.mitre.oval:def:5707
description The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.
family unix
id oval:org.mitre.oval:def:5434
status accepted
submitted 2008-04-18T15:10:44.000-05:00
title IBM AIX Multiple Privilege Escalation and Security Bypass Vulnerabilities
version 43
refmap via4
aixapar
  • IZ04946
  • IZ04953
  • IZ05246
bid 28467
confirm
sectrack 1019606
vupen ADV-2008-0865
Last major update 29-09-2017 - 01:30
Published 31-03-2008 - 23:44
Last modified 29-09-2017 - 01:30
Back to Top