CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM » AIX : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-4817 DoS 2012-09-14 2013-04-04
5.0
None Remote Low Not required None None Partial
The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.
2 CVE-2006-6914 +Info 2006-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors.
3 CVE-2004-0243 2004-11-23 2008-09-05
5.0
None Remote Low Not required Partial None None
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.
4 CVE-2003-0696 DoS 2004-01-20 2008-09-05
5.0
None Remote Low Not required None None Partial
The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion).
5 CVE-2003-0285 2003-06-16 2008-09-05
5.0
None Remote Low Not required None Partial None
IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail.
6 CVE-2002-1619 DoS Overflow 2002-03-08 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump).
7 CVE-2002-1201 DoS 2002-10-28 2008-09-10
5.0
None Remote Low Not required None None Partial
IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers.
8 CVE-2002-1041 2002-10-04 2008-09-05
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in DCE (1) SMIT panels and (2) configuration commands, possibly related to relative pathnames.
9 CVE-2002-1040 2002-10-04 2008-09-05
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames.
10 CVE-2001-1554 DoS 2001-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets.
11 CVE-2001-0998 DoS 2001-09-24 2008-09-05
5.0
None Remote Low Not required None None Partial
IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd.
12 CVE-2000-0441 2000-05-24 2008-09-10
5.0
None Remote Low Not required None Partial None
Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems.
13 CVE-1999-1075 DoS 1998-03-18 2008-09-05
5.0
None Remote Low Not required None None Partial
inetd in AIX 4.1.5 dynamically assigns a port N when starting ttdbserver (ToolTalk server), but also inadvertently listens on port N-1 without passing control to ttdbserver, which allows remote attackers to cause a denial of service via a large number of connections to port N-1, which are not properly closed by inetd.
14 CVE-1999-0628 1997-07-01 2008-09-09
5.0
None Remote Low Not required Partial None None
The rwho/rwhod service is running, which exposes machine status and user information.
15 CVE-1999-0566 DoS 1997-08-01 2008-09-09
5.0
None Remote Low Not required None None Partial
An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities.
16 CVE-1999-0513 DoS 1998-01-05 2008-09-09
5.0
None Remote Low Not required None None Partial
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
17 CVE-1999-0345 DoS 1997-01-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.
18 CVE-1999-0128 DoS 1996-12-18 2008-09-09
5.0
None Remote Low Not required None None Partial
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
19 CVE-1999-0116 DoS 1996-09-19 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood.
20 CVE-1999-0111 1997-07-01 2008-09-09
5.0
None Remote Low Not required Partial None None
RIP v1 is susceptible to spoofing.
21 CVE-1999-0087 DoS 1998-02-01 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.
22 CVE-1999-0086 1998-01-08 2008-09-09
5.0
None Remote Low Not required None Partial None
AIX routed allows remote users to modify sensitive files.
23 CVE-1999-0024 1997-08-13 2008-09-09
5.0
None Remote Low Not required None Partial None
DNS cache poisoning via BIND, by predictable query IDs.
24 CVE-1999-0019 1996-04-24 2008-09-09
5.0
None Remote Low Not required None Partial None
Delete or create a file via rpc.statd, due to invalid information.
25 CVE-1999-0010 DoS 1998-04-08 2008-09-09
5.0
None Remote Low Not required None None Partial
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
Total number of vulnerabilities : 25   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.