漏洞类别:AIX
漏洞等级: 
漏洞信息
IBM AIX is prone to the following vulnerabilities:
When the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.
An attacker can measure timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server
sshd does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
Affected Platforms:
AIX 5.3, 6.1, 7.1 and 7.2
Note:The detection requires root privileges to run "emgr -c" to check for patches. In absence of such privileges, the detection may not output actual results.
漏洞危害
Exploitation could allow a remote attacker to execute arbitrary code.
解决方案
The vendor has released fixes to resolve this vulnerability. Refer to AIX Advisory openssh_advisory9 to obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论