CVE-2008-1594 - The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent v

CVE-2008-1594

Summary

The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.

References

Vulnerable Configurations

cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*

CVSS

Base:	4.9 (as of 29-09-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:N/A:C

oval via4

accepted

2008-07-07T04:00:22.494-04:00

class

vulnerability

contributors

name Michael Wood
organization Hewlett-Packard
name Michael Wood
organization Hewlett-Packard

definition_extensions

comment IBM AIX 5200-10 is installed
oval oval:org.mitre.oval:def:5076
comment IBM AIX 5300-06 is installed
oval oval:org.mitre.oval:def:4813
comment IBM AIX 5300-07 is installed
oval oval:org.mitre.oval:def:5707

description

family

unix

oval:org.mitre.oval:def:5434

status

accepted

submitted

2008-04-18T15:10:44.000-05:00

title

IBM AIX Multiple Privilege Escalation and Security Bypass Vulnerabilities

version

refmap via4

aixapar	IZ04946 IZ04953 IZ05246
bid	28467
confirm	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4153 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4154 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4155
sectrack	1019606
vupen	ADV-2008-0865

Last major update

29-09-2017 - 01:30

Published

31-03-2008 - 23:44

Last modified

29-09-2017 - 01:30