Vulnerability Details : CVE-2012-0723
The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2012-0723
- cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:vios:2.2.1.4:fp-25_sp-02:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0723
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0723
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST |
CWE ids for CVE-2012-0723
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0723
-
http://www.securitytracker.com/id?1027315
IBM AIX dupmsg() Bug Lets Local Users Deny Service - SecurityTracker
-
http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/74134
IBM AIX bos.rte.tty and bos.rte.libc denial of service CVE-2012-0723 Vulnerability Report
-
http://www.ibm.com/support/docview.wss?uid=isg1IV22696
IBM IV22696: SYSTEM CRASH WHEN DUPMSG IS CALLED FROM APPLICATION APPLIES TO AIX 7100-00
-
http://www.ibm.com/support/docview.wss?uid=isg1IV22695
IBM IV22695: SYSTEM CRASH WHEN DUPMSG IS CALLED FROM APPLICATION APPLIES TO AIX 6100-07
-
http://www.ibm.com/support/docview.wss?uid=isg1IV22693
IBM IV22693: SYSTEM CRASH WHEN DUPMSG IS CALLED FROM APPLICATION APPLIES TO AIX 6100-06
-
http://www.ibm.com/support/docview.wss?uid=isg1IV22694
IBM IV22694: SYSTEM CRASH WHEN DUPMSG IS CALLED FROM APPLICATION APPLIES TO AIX 5300-12
-
http://www.ibm.com/support/docview.wss?uid=isg1IV22697
IBM IV22697: SYSTEM CRASH WHEN DUPMSG IS CALLED FROM APPLICATION APPLIES TO AIX 7100-01
Jump to