Vigil@nce: AIX 5.3, denial of service via LDAP
March 2010 by Vigil@nce
A local attacker may forbid the access to users authenticated by
LDAP.
– Severity: 1/4
– Consequences: denial of service of service
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 01/03/2010
IMPACTED PRODUCTS
– IBM AIX
DESCRIPTION OF THE VULNERABILITY
The authentication of users can be managed by LDAP.
When AIX 5.3 Technology Level 11 Service Pack 2 with
bos.rte.security 5.3.11.1 is installed, legitimate users cannot
access to the system via LDAP.
IBM does not indicate if this behavior is created by a bug, of if
it can be created by a local attacker.
CHARACTERISTICS
– Identifiers: BID-38444, IZ69977, VIGILANCE-VUL-9477
– Url: http://vigilance.fr/vulnerability/AIX-5-3-denial-of-service-via-LDAP-9477