Spoofing attack in IBM AIX

Published: 2017-12-14 14:03:00 | Updated: 2017-12-18 10:00:43
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2017-3735
CVSSv3: 3.3 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:W/RC:C]
CWE ID: CWE-125
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: IBM AIX
Vulnerable software versions: IBM AIX 6.1.0, IBM AIX 7.2, IBM AIX 7.1, IBM AIX 5.3
Vendor URL: IBM Corporation

Security Advisory

1) Out-of-bounds read

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to a one-byte out-of-bounds read when parsing an IPAddressFamily extension in an X.509 certificate. A remote attacker can disguise the text display of the certificate.
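The bounds check that prevents this class of over-read, as an added example that is not the vendor's code: it assumes the RFC 3779 layout of the addressFamily OCTET STRING (a 2-byte AFI followed by an optional 1-byte SAFI). The function names and the sample byte strings are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples: contents of an addressFamily OCTET STRING. */
static const uint8_t AF_IPV4[]      = { 0x00, 0x01 };       /* AFI 1, no SAFI */
static const uint8_t AF_IPV6_SAFI[] = { 0x00, 0x02, 0x01 }; /* AFI 2, SAFI 1  */
static const uint8_t AF_TRUNCATED[] = { 0x00 };             /* malformed      */

/*
 * Decode addressFamily: 2-byte big-endian AFI, optional 1-byte SAFI.
 * Returns 0 on success, -1 on malformed input; *safi is -1 when absent.
 */
int parse_address_family(const uint8_t *data, size_t len,
                         unsigned *afi, int *safi)
{
    if (data == NULL || afi == NULL || safi == NULL)
        return -1;
    /* Without this length check, a 1-byte value makes data[1] a read
       one byte past the end of the buffer, and the decoded AFI (and
       anything displayed from it) depends on adjacent memory. */
    if (len < 2 || len > 3)
        return -1;
    *afi = ((unsigned)data[0] << 8) | data[1];
    *safi = (len == 3) ? (int)data[2] : -1;
    return 0;
}

/* Label used when rendering the extension as text. */
const char *afi_label(unsigned afi)
{
    switch (afi) {
    case 1:  return "IPv4";
    case 2:  return "IPv6";
    default: return "Unknown AFI";
    }
}

int main(void)
{
    unsigned afi; int safi;
    if (parse_address_family(AF_IPV6_SAFI, sizeof AF_IPV6_SAFI, &afi, &safi) == 0)
        printf("%s (SAFI %d)\n", afi_label(afi), safi);
    if (parse_address_family(AF_TRUNCATED, sizeof AF_TRUNCATED, &afi, &safi) != 0)
        printf("malformed addressFamily rejected\n");
    return 0;
}
```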

Remediation

Install the update from the vendor's website.

External links

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory24.asc
