Oval Definition:oval:org.mitre.oval:def:29181
Revision Date:2015-08-03
Version:14
Title:AIX NAS allows remote users to obtain sensitive information from process heap memory
Description:The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.
Family:unix
Class:vulnerability
Status:ACCEPTED
Reference(s):CVE-2014-9423
Platform(s):IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis
  • platforms
    • IBM AIX 6.1 is installed
    • OR IBM AIX 7.1 is installed
  • AND filesets
    • File Version Exists
      • krb5.server.rte greater than or equal 1.4.0.8
      • AND krb5.server.rte less than or equal 1.6.0.2
    • OR File Version Exists
      • krb5.client.rte greater than or equal 1.4.0.8
      • AND krb5.client.rte less than or equal 1.6.0.2