Vigil@nce: AIX 5.3, denial of service via LDAP
March 2010 by Vigil@nce
A local attacker may forbid the access to users authenticated by LDAP.
Consequences: denial of service of service
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 01/03/2010
DESCRIPTION OF THE VULNERABILITY
The authentication of users can be managed by LDAP.
When AIX 5.3 Technology Level 11 Service Pack 2 with bos.rte.security 126.96.36.199 is installed, legitimate users cannot access to the system via LDAP.
IBM does not indicate if this behavior is created by a bug, of if it can be created by a local attacker.
Identifiers: BID-38444, IZ69977, VIGILANCE-VUL-9477