AIX 5.3 TL 12 : bos.net.tcp.client (U846347)

2014-03-06T00:00:00
ID AIX_U846347.NASL
Type nessus
Reporter Tenable
Modified 2014-03-06T00:00:00

Description

The remote host is missing AIX PTF U846347, which is related to the security of the package bos.net.tcp.client.

Vulnerability which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands.

Note: The ifix provided also contains the fix for CVE-2012-0194 and CVE-2011-1385 since they affect the same fileset.

See the following for CVE-2012-0194: http://aix.software.ibm.com/aix/efixes/security/large_send_a dvisory.asc CVE-2011-1385: http://aix.software.ibm.com/aix/efixes/security/icmp_advisor y.asc.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were extracted
# from AIX Security PTF U846347. The text itself is copyright (C)
# International Business Machines Corp.
#

include("compat.inc");

if (description)
{
  script_id(72842);
  script_version("$Revision: 1.1 $");
  script_cvs_date("$Date: 2014/03/06 11:47:45 $");

  script_cve_id("CVE-2012-0194");

  script_name(english:"AIX 5.3 TL 12 : bos.net.tcp.client (U846347)");
  script_summary(english:"Check for PTF U846347");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote AIX host is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is missing AIX PTF U846347, which is related to the
security of the package bos.net.tcp.client.

Vulnerability which allows remote attackers to (1) register or (2)
unregister RPC services, and consequently cause a denial of service or
obtain sensitive information from interprocess communication, via
crafted UDP packets containing service commands. 

Note: The ifix provided also contains the fix for CVE-2012-0194 and
CVE-2011-1385 since they affect the same fileset.

See the following for CVE-2012-0194:
http://aix.software.ibm.com/aix/efixes/security/large_send_a
dvisory.asc CVE-2011-1385:
http://aix.software.ibm.com/aix/efixes/security/icmp_advisor
y.asc."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IV17941"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www-01.ibm.com/support/docview.wss?uid=isg1IV13827"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Install the appropriate missing security-related fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:5.3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/01/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014 Tenable Network Security, Inc.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AIX/oslevel", "Host/AIX/version", "Host/AIX/lslpp");

  exit(0);
}



include("audit.inc");
include("global_settings.inc");
include("aix.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if ( aix_check_patch(ml:"530012", patch:"U846347", package:"bos.net.tcp.client.5.3.12.6") < 0 ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");