IBM AIX FTPD Ephemeral Port Exhaustion Denial Of Service Vulnerability
BID:21940
Info
IBM AIX FTPD Ephemeral Port Exhaustion Denial Of Service Vulnerability
| Bugtraq ID: | 21940 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 08 2007 12:00AM |
| Updated: | Jan 09 2007 01:06AM |
| Credit: | Reported by the vendor. |
| Vulnerable: |
IBM AIX 5.3 IBM AIX 5.2 IBM AIX 5.1 |
| Not Vulnerable: | |
Discussion
IBM AIX FTPD Ephemeral Port Exhaustion Denial Of Service Vulnerability
A remote denial-of-service vulnerability has been reported in the IBM AIX FTPD server implementation. A remote authenticated FTPD user may exhaust all available ephemeral network ports on the computer.
A successful exploit of this vulnerability could result in a denial of service because no new connections can be initiated on ephemeral ports. In addition, system resources could be impacted if all of these ports are in use.
IBM AIX versions 5.2 and 5.3 are vulnerable.
A remote denial-of-service vulnerability has been reported in the IBM AIX FTPD server implementation. A remote authenticated FTPD user may exhaust all available ephemeral network ports on the computer.
A successful exploit of this vulnerability could result in a denial of service because no new connections can be initiated on ephemeral ports. In addition, system resources could be impacted if all of these ports are in use.
IBM AIX versions 5.2 and 5.3 are vulnerable.
Exploit / POC
IBM AIX FTPD Ephemeral Port Exhaustion Denial Of Service Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
IBM AIX FTPD Ephemeral Port Exhaustion Denial Of Service Vulnerability
Solution:
IBM has released interim fixes to address this vulnerability. Please see the referenced advisory for more information.
IBM AIX 5.2
IBM AIX 5.3
Solution:
IBM has released interim fixes to address this vulnerability. Please see the referenced advisory for more information.
IBM AIX 5.2
-
IBM ftpd2_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/ftpd2_ifix.tar.Z -
IBM IY91787
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
IBM AIX 5.3
-
IBM ftpd2_ifix.tar.Z
ftp://aix.software.ibm.com/aix/efixes/security/ftpd2_ifix.tar.Z -
IBM IY89168
http://www-1.ibm.com/servers/eserver/support/pseries/aixfixes.html
References
IBM AIX FTPD Ephemeral Port Exhaustion Denial Of Service Vulnerability
References:
References:
- IBM AIX Home Page (IBM)