漏洞类别:AIX
漏洞等级: 
漏洞信息
AIX is prone to the following vulnerabilities:
OpenSSL could allow a remote attacker to obtain sensitive information, by sending an overly long ASN.1 string to the X509_NAME_oneline() function. (CVE-2016-2176)
OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a buffer underflow when deserializing untrusted ASN.1 structures and later reserializes them. (CVE-2016-2108)
OpenSSL is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the EVP_EncryptUpdate() function. (CVE-2016-2105, CVE-2016-2106)
Affected Platforms:
AIX 5.3, AIX 6.1, AIX 7.1, AIX 7.2
Note:The detection requires root privileges to run "emgr -c" to check for patches. In absence of such privileges, the detection may not output actual results.
漏洞危害
An attacker could exploit this vulnerability to consume all available resources and exhaust memory.
解决方案
The vendor has released fixes to resolve this vulnerability. Refer to AIX Advisory to obtain more information
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论