#VU243 Denial of service in IBM AIX - CVE-2016-0281

Cybersecurity Help s.r.o.

Published: 2016-08-01 | Updated: 2018-11-22

Vulnerability identifier: #VU243

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-0281

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM AIX
Operating systems & Components / Operating system

Vendor: IBM Corporation

Description
The vulnerability allows a remote attacker to cause the target adapter to crash.

The vulnerability exists in IBM AIX. A remote unauthenticated attacker can trigger a flaw in the mustendd device driver and cause the target IBM AIX FC5899/FC1763 adapter to crash by sending specially crafted packets to the target system.

Successful exploitation of this vulnerability may result in denial of service.

Mitigation
Install the latest versions:

5.3.12: IV84184
6.1.9: IV80569
7.1.3: IV82421
7.1.4: IV81459
7.2.0: IV81357

Vulnerable software versions

IBM AIX: 5.3 - 7.2

External links
https://aix.software.ibm.com/aix/efixes/security/mustendd_advisory.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in IBM AIX