
IBM AIX and Virtual I/O Server "dupmsg" Denial of Service Vulnerability


Secunia ID

SA50003

CVE-ID

CVE-2012-0723

Release Date

27 Jul 2012

Criticality

Less Critical

Solution Status

Vendor Patch

Where

Local system

Impact
DoS (Denial of Service)

This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.

Description

A vulnerability has been reported in IBM AIX and IBM Virtual I/O Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by an error when exporting a "dupmsg" kernel extension call to user space and can be exploited to cause a system crash.

Please see the vendor's advisory for a list of affected versions.

Solution

Apply Interim Fixes.

IBM AIX version 5.3.12.6:
Apply Interim Fix IV22694s05.120713.epkg.Z

IBM AIX version 6.1.6.8:
Apply Interim Fix IV22693s07.120713.epkg.Z

IBM AIX version 6.1.7.5:
Apply Interim Fix IV22695s04.120724.epkg.Z

IBM AIX version 7.1.0.6:
Apply Interim Fix IV22696s05.120713.epkg.Z

IBM AIX version 7.1.1.5:
Apply Interim Fix IV22697s04.120724.epkg.Z

IBM Virtual I/O Server 2.2.1.4-FP-25 SP-02:
Apply Interim Fix IV22695s04.120628.epkg.Z

Reported by

The vendor credits Jakub Wartak.

Original Advisory

IBM (IV22693, IV22694, IV22695, IV22696, IV22697):
http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc