The OVAL Repository
Schema version: 5.6
Timestamp: 2015-09-03T07:25:13.708-04:00

Title: IBM AIX "qosmod" Command Buffer Overflow Privilege Escalation Issue
Platform: IBM AIX 6.1
Description: Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
Contributors and status: J. Daniel Brown, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Stack-based buffer overflow in muxatmd.
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename.
Contributors and status: Aharon Chernin, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX NFSv4 nfs_portmon vulnerability
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.
Contributors and status: Pai Peng, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX NFSv4 Kerberos vulnerability
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.
Contributors and status: Pai Peng, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Buffer overflow in autoconf6.
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors.
Contributors and status: Aharon Chernin, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

Title: Malloc subsystem in libc in IBM AIX 5.3 and 6.1 vulnerability.
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
Contributors and status: Aharon Chernin, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: WPAR system call implementation in the kernel in IBM AIX 6.1 denial of service.
Platform: IBM AIX 6.1
Description: The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."
Contributors and status: Aharon Chernin, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: at allows local users to read arbitrary files.
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.
Contributors and status: Aharon Chernin, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Multiple unspecified vulnerabilities in IBM AIX rmsock."
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files."
Contributors and status: Aharon Chernin, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX 5300-00 is installed
Platform: IBM AIX 5.3
Description: The operating system installed on the system is IBM AIX version 5300-00.
Contributors and status: Aharon Chernin, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX 5300-01 through 5300-06 is installed
Platform: IBM AIX 5.3
Description: The operating system installed on the system is IBM AIX version 5300-01 through 5300-06.
Contributors and status: Aharon Chernin, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX 'swcons' Insecure File Creation Vulnerability
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. NOTE: this can be leveraged to gain privileges. NOTE: this issue exists because of an incomplete fix for CVE-2007-5805.
Contributors and status: Michael Wood, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1.
Platform: IBM AIX 6.1
Description: Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable.
Contributors and status: Aharon Chernin, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX uspchrp buffer overflow
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
Contributors and status: Michael Wood, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX Kernel Buffer Overflow Lets Local Users Gain Elevated Privileges or Deny Service
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors.
Contributors and status: Michael Wood, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX Buffer Overflow in errpt Command May Let Local Users Gain Elevated Privileges
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors.
Contributors and status: Michael Wood, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX pioout buffer overflow
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option.
Contributors and status: Michael Wood, DRAFT, INTERIM, ACCEPTED, Aharon Chernin, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX 5300-00 through 5300-05 is installed
Platform: IBM AIX 5.3
Description: The operating system installed on the system is IBM AIX version 5300-00 through 5300-05.
Contributors and status: Aharon Chernin, DRAFT, INTERIM, ACCEPTED, Shane Shaffer, INTERIM, ACCEPTED, ACCEPTED

Title: crontab allows local users to gain privileges by launching an editor.
Platform: IBM AIX 6.1
Description: crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor.
Contributors and status: Aharon Chernin, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX utape buffer overflow
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
Contributors and status: Michael Wood, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX lsmcode Environment Variable Bug Lets Local Users Gain Root Privileges
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.
Contributors and status: Michael Wood, DRAFT, INTERIM, ACCEPTED, Michael Wood, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX 'nddstat' Commands Let Local Users Gain Root Privileges
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.
Contributors and status: Michael Wood, DRAFT, INTERIM, ACCEPTED, Michael Wood, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX Input Validation Flaw in iostat Command Lets Local Users Gain Root Privileges
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."
Contributors and status: Michael Wood, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX "man" Untrusted Binaries Path Privilege Escalation Vulnerability
Platform: IBM AIX 5.3, IBM AIX 6.1
Description: Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory.
Contributors and status: Yuzheng Zhou, DRAFT, INTERIM, ACCEPTED, Michael Wood, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX Kernel Bugs Let Local Users Execute Arbitrary Code, Access Data, and Deny Service
Platform: IBM AIX 5.2, IBM AIX 5.3, IBM AIX 6.1
Description: The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function.
Contributors and status: Michael Wood, DRAFT, INTERIM, ACCEPTED, Michael Wood, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX 5300-07 is installed
Platform: IBM AIX 5.3
Description: The operating system installed on the system is IBM AIX version 5300-07.
Contributors and status: Michael Wood, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX 6100-00 is installed
Platform: IBM AIX 6.1
Description: The operating system installed on the system is IBM AIX version 6100-00.
Contributors and status: Michael Wood, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX 5200-10 is installed
Platform: IBM AIX 5.2
Description: The operating system installed on the system is IBM AIX version 5200-10.
Contributors and status: Michael Wood, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX 5300-06 is installed
Platform: IBM AIX 5.3
Description: The operating system installed on the system is IBM AIX version 5300-06.
Contributors and status: Michael Wood, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: AIX 'NTPv4' vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Contributors and status: Jaikumar, Jaikumar Kulkarni, INTERIM

Title: AIX 'NTPv4' vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.
Contributors and status: Jaikumar, Jaikumar Kulkarni, INTERIM

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: AIX OpenSSL CMS Code vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.
Contributors and status: Jaikumar, Jaikumar Kulkarni, INTERIM

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: AIX OpenSSL DTLS peer vulnerability (segmentation fault or memory corruption)
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.
Contributors and status: Jaikumar, Jaikumar Kulkarni, INTERIM

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: AIX OpenSSL binary polynomial field vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.
Contributors and status: Jaikumar, Jaikumar Kulkarni, INTERIM

Title: AIX Logjam Vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Contributors and status: Jaikumar, Jaikumar Kulkarni, INTERIM

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: AIX OpenSSL X509_cmp_time vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.
Contributors and status: Jaikumar, Jaikumar Kulkarni, INTERIM

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: AIX NAS allows remote users to obtain sensitive information from process heap memory
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.
Contributors and status: Jaikumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Vulnerability in SSLv3 affects ftpd, sendmaild, imapd, and popd on AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Contributors and status: Jaikumar, DRAFT, Jaikumar Kulkarni, INTERIM, ACCEPTED, ACCEPTED

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: AIX NAS denial of service vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.
Contributors and status: Jaikumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX OpenSSL PKCS#7 parsing code vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.
Contributors and status: Jaikumar, Jaikumar Kulkarni, INTERIM

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
Contributors and status: Jaikumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX OpenSSL Denial of Service (memory corruption)
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.
Contributors and status: Jaikumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: AIX OpenSSL Denial of Service (assertion failure and daemon exit)
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.
Contributors and status: Jaikumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Multiple vulnerabilities in current releases of the IBM® SDK, Java Technology Edition
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
Contributors and status: Puneeth, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Multiple vulnerabilities in current releases of the IBM® SDK, Java Technology Edition
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Contributors and status: Puneeth, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Multiple vulnerabilities in current releases of the IBM® SDK, Java Technology Edition
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
Contributors and status: Puneeth, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Multiple vulnerabilities in current releases of the IBM® SDK, Java Technology Edition
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Contributors and status: Puneeth, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX OpenSSL Denial of Service (invalid read operation and application crash)
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.
Contributors and status: Jaikumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX NAS Denial of Service via a zero-byte version string or by omitting the '\0' character
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.
Contributors and status: Jaikumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Network Time Protocol (NTP) vulnerability in AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
Contributors and status: Jaikumar, DRAFT, Jaikumar Kulkarni, INTERIM, ACCEPTED, Jaikumar Kulkarni, INTERIM, ACCEPTED, ACCEPTED

Title: AIX OpenSSL Denial of Service (memory corruption and application crash)
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.
Contributors and status: Jaikumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX OpenSSL Denial of Service (NULL pointer dereference and application crash)
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.
Contributors and status: Jaikumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX Malloc vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
Contributors and status: Jaikumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Multiple vulnerabilities in current releases of the IBM SDK, Java Technology Edition
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain sensitive information from memory or cause a denial of service (packet loss or segmentation fault) via a crafted Ad hoc On-Demand Distance Vector (AODV) packet, which triggers an out-of-bounds memory access.
Contributors and status: Jaikumar, DRAFT, Jaikumar Kulkarni, INTERIM, ACCEPTED, ACCEPTED

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: Network Time Protocol (NTP) vulnerability in AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
Contributors and status: Jaikumar, DRAFT, Jaikumar Kulkarni, INTERIM, ACCEPTED, Jaikumar Kulkarni, INTERIM, ACCEPTED, ACCEPTED

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
Contributors and status: Jaikumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX OpenSSL Denial of Service (NULL pointer dereference and application crash)
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.
Contributors and status: Jaikumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: AIX NAS allows remote users to obtain administrative access by leveraging access to a two-component principal
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.
Contributors and status: Jaikumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX cmdlvm vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.
Contributors and status: Puneeth, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX 7100-03 is installed
Platform: IBM AIX 7.1
Description: The operating system installed on the system is IBM AIX version 7100-03.
Contributors and status: Puneeth, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM AIX 6100-09 is installed
Platform: IBM AIX 6.1
Description: The operating system installed on the system is IBM AIX version 6100-09.
Contributors and status: Puneeth, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX NAS Denial of Service via malformed XDR data
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.
Contributors and status: Jaikumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: Multiple vulnerabilities in current releases of the IBM® SDK, Java Technology Edition
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
Contributors and status: Puneeth, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: Vulnerability in IBM SDK Java JSSE affects AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
Contributors and status: Jaikumar, DRAFT, DRAFT

Title: AIX OpenSSL Denial of Service (invalid write operation and memory corruption)
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.
Contributors and status: Jaikumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Multiple vulnerabilities in current releases of the IBM® SDK, Java Technology Edition
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Contributors and status: Puneeth, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX OpenSSL NewSessionTicket vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
Contributors and status: Jaikumar, Jaikumar Kulkarni, INTERIM

Title: Multiple vulnerabilities in current releases of the IBM® SDK, Java Technology Edition
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
Contributors and status: Puneeth, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Multiple vulnerabilities in current releases of the IBM® SDK, Java Technology Edition
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
Contributors and status: Puneeth, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM SDK Java Technology Edition vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
Contributors and status: Prashant Kumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Multiple vulnerabilities in current releases of the IBM® SDK, Java Technology Edition
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
Contributors and status: Puneeth, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM SDK Java Technology Edition vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
Contributors and status: Prashant Kumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: AIX OpenSSL DTLS recursion flaw
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash) via a large priority (PRI) value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3634.
Contributors and status: Prashant Kumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM SDK Java Technology Edition vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
Contributors and status: Prashant Kumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM SDK Java Technology Edition vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.
Contributors and status: Prashant Kumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM SDK Java Technology Edition vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.
Contributors and status: Prashant Kumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM SDK Java Technology Edition vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Contributors and status: Prashant Kumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM SDK Java Technology Edition vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Contributors and status: Prashant Kumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM SDK Java Technology Edition vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Contributors and status: Prashant Kumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Network Time Protocol (NTP) vulnerability in AIX
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.
Contributors and status: Jaikumar, DRAFT, Jaikumar Kulkarni, INTERIM, ACCEPTED, Jaikumar Kulkarni, INTERIM, ACCEPTED, ACCEPTED

Title: Multiple vulnerabilities in current releases of the IBM® SDK, Java Technology Edition
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
Contributors and status: Puneeth, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM SDK Java Technology Edition vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
Contributors and status: Prashant Kumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: IBM SDK Java Technology Edition vulnerability
Platform: IBM AIX 6.1, IBM AIX 7.1
Description: Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.
Contributors and status: Prashant Kumar, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Title: Multiple vulnerabilities in current releases of the IBM® SDK, Java Technology
EditionIBM AIX 6.1IBM AIX 7.1Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager.PuneethDRAFTINTERIMACCEPTEDACCEPTEDIBM SDK Java Technology Edition vulnerabilityIBM AIX 6.1IBM AIX 7.1Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDMultiple vulnerabilities in current releases of the IBM® SDK,Java Technology
EditionIBM AIX 6.1IBM AIX 7.1Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.PuneethDRAFTINTERIMACCEPTEDACCEPTEDIBM SDK Java Technology Edition vulnerabilityIBM AIX 6.1IBM AIX 7.1Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDIBM SDK Java Technology Edition vulnerabilityIBM AIX 6.1IBM AIX 7.1The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDReturn only new keys in randkeyIBM AIX 6.1IBM AIX 7.1The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.PuneethDRAFTINTERIMACCEPTEDACCEPTEDMultiple vulnerabilities in current releases of the IBM® SDK,Java Technology
EditionIBM AIX 6.1IBM AIX 7.1Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.PuneethDRAFTINTERIMACCEPTEDACCEPTEDIBM SDK Java Technology Edition vulnerabilityIBM AIX 6.1IBM AIX 7.1Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDIBM SDK Java Technology Edition vulnerabilityIBM AIX 6.1IBM AIX 7.1Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDIBM SDK Java Technology Edition vulnerabilityIBM AIX 6.1IBM AIX 7.1Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDIBM SDK Java Technology Edition vulnerabilityIBM AIX 6.1IBM AIX 7.1Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDIBM SDK Java Technology Edition vulnerabilityIBM AIX 6.1IBM AIX 7.1Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDOpen Source RSyslog vulnerabilityIBM AIX 6.1IBM AIX 7.1rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), 
possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDIBM SDK Java Technology Edition vulnerabilityIBM AIX 6.1IBM AIX 7.1Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDIBM SDK Java Technology Edition vulnerabilityIBM AIX 6.1IBM AIX 7.1Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSL Patch to mitigate CVE-2014-3566IBM AIX 6.1IBM AIX 7.1The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX NAS double-free in SPNEGOIBM AIX 6.1IBM AIX 7.1Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX NAS denial of service vulnerabilityIBM AIX 6.1IBM AIX 7.1MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.Prashant 
KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSL Denial of Service due to memory overwriteIBM AIX 6.1IBM AIX 7.1Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSL Denial of Service due to improper handling of the return valueIBM AIX 6.1IBM AIX 7.1Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSL Denial of Service due to memory leak in DTLS SRTP extensionIBM AIX 6.1IBM AIX 7.1Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSL Denial of Service due to memory allocation of large length valuesIBM AIX 6.1IBM AIX 7.1d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX NAS null deref in SPNEGO acceptorIBM AIX 6.1IBM AIX 7.1The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a 
denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSL Denial of Service due to double freeIBM AIX 6.1IBM AIX 7.1Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX Malloc vulnerabilityIBM AIX 6.1IBM AIX 7.1The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSL allows attackers to obtain sensitive informationIBM AIX 6.1IBM AIX 7.1The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSL Denial of Service due to memory consumptionIBM AIX 6.1IBM AIX 7.1Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSL Man-in-the-Middle attack related to protocol downgrade issueIBM AIX 6.1IBM AIX 7.1The ssl23_get_client_hello function in s23_srvr.c in 
OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSL Denial of Service due to invalid SRP (1)g, (2)A or (3)B parameterIBM AIX 6.1IBM AIX 7.1Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSL Denial of Service due to NULL pointer dereferenceIBM AIX 6.1IBM AIX 7.1The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX libxml2 vulnerabilityIBM AIX 6.1IBM AIX 7.1The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSL Denial of Service due to NULL pointer dereferenceIBM AIX 6.1IBM AIX 7.1The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message 
that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX Malloc vulnerabilityIBM AIX 6.1IBM AIX 7.1The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.Manu M GDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in AIX bindIBM AIX 6.1IBM AIX 7.1The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.Prashant KumarDRAFTINTERIMACCEPTEDJaikumar KulkarniINTERIMACCEPTEDACCEPTEDAIX OpenSSL SSL_MODE_RELEASE_BUFFERS NULL pointer dereferenceIBM AIX 6.1IBM AIX 7.1The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.Sushant KumarDRAFTINTERIMACCEPTEDACCEPTEDArbitrary file overwrite symlink in libodmIBM AIX 6.1IBM AIX 7.1libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSL DTLS recursion flawIBM AIX 6.1IBM AIX 7.1The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.Sushant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSH VulnerabilityIBM AIX 6.1IBM AIX 7.1The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSH VulnerabilityIBM AIX 6.1IBM AIX 7.1sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDptrace vulnerability in AIXIBM AIX 6.1IBM AIX 7.1The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.Sushant Kumar SinghDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSL Anonymous ECDH denial of serviceIBM AIX 6.1IBM AIX 7.1The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.Sushant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSL SSL/TLS Man In The Middle (MITM) vulnerabilityIBM AIX 6.1IBM AIX 7.1OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict 
processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.Sushant Kumar SinghDRAFTINTERIMACCEPTEDACCEPTEDRace condition in the ssl3_read_bytes function in s3_pkt.c inIBM AIX 6.1IBM AIX 7.1Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.Prashant KumarDRAFTINTERIMACCEPTEDACCEPTEDSecurity vulnerability in Perl for AIXIBM AIX 6.1IBM AIX 7.1The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.Sushant Kumar SinghDRAFTINTERIMACCEPTEDACCEPTEDSecurity Vulnerability in WPAR ftp for AIXIBM AIX 6.1IBM AIX 7.1ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.Sushant Kumar SinghDRAFTINTERIMACCEPTEDACCEPTEDNetwork Time Protocol (NTP) vulnerability in AIXIBM AIX 6.1IBM AIX 7.1The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 
requests, as exploited in the wild in December 2013.Prashant KumarDRAFTINTERIMACCEPTEDJaikumar KulkarniINTERIMACCEPTEDACCEPTEDAIX OpenSSL DTLS invalid fragment vulnerabilityIBM AIX 6.1IBM AIX 7.1The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.Sushant KumarDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSH VulnerabilityIBM AIX 5.3IBM AIX 6.1IBM AIX 7.1The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context and cause a denial of service (application crash) by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c.Sushant Kumar SinghDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSH VulnerabilityIBM AIX 5.3IBM AIX 6.1IBM AIX 7.1The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.Sushant Kumar SinghDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSH VulnerabilityIBM AIX 5.3IBM AIX 6.1IBM AIX 7.1The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake.Sushant Kumar SinghDRAFTINTERIMACCEPTEDACCEPTEDAIX OpenSSH VulnerabilityIBM AIX 5.3IBM AIX 6.1IBM AIX 7.1The ssl_get_algorithm2 function in ssl/s3_lib.c in 
OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.Sushant Kumar SinghDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in the X server on AIXIBM AIX 6.1IBM AIX 7.1Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.Sushant Kumar SinghDRAFTINTERIMACCEPTEDACCEPTEDSecurity vulnerabilities in Perl for AIXIBM AIX 6.1IBM AIX 7.1CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDAIX NFSv4 vulnerabilityIBM AIX 6.1IBM AIX 7.1The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDMultiple vulnerabilities in AIX BINDIBM AIX 6.1IBM AIX 7.1BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.Ganesh ManalDRAFTINTERIMACCEPTEDJaikumar KulkarniINTERIMACCEPTEDACCEPTEDMultiple OpenSSL vulnerabilitiesIBM AIX 6.1IBM AIX 7.1The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause 
a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDMultiple OpenSSL vulnerabilitiesIBM AIX 6.1IBM AIX 7.1Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDSecurity vulnerabilities in Perl for AIXIBM AIX 6.1IBM AIX 7.1The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDAIX fuser vulnerabilityIBM AIX 6.1IBM AIX 7.1fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.Ganesh ManalDRAFTINTERIMGanesh ManalACCEPTEDACCEPTED"Record of death" vulnerabilityIBM AIX 6.1OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDDEPRECATED: Security vulnerabilities in Perl for AIXIBM AIX 6.1IBM AIX 7.1The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.Ganesh ManalDRAFTINTERIMGanesh ManalDEPRECATEDDEPRECATEDDenial of service vulnerability in BINDIBM AIX 6.1IBM AIX 7.1named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV 
before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDMemory leak vulnerability in AIX X-serverIBM AIX 6.1IBM AIX 7.1The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDMultiple OpenSSL vulnerabilitiesIBM AIX 6.1IBM AIX 7.1The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTED"Record of death" vulnerabilityIBM AIX 6.1The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDMultiple OpenSSL vulnerabilitiesIBM AIX 6.1IBM AIX 7.1OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDAIX WPAR specific system call vulnerabilityIBM AIX 6.1IBM AIX 7.1IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and wpar_limits_modify system calls, which allows local users to cause a denial of service (system crash) via a crafted call.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in AIX system callIBM AIX 6.1IBM AIX 7.1The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDMultiple OpenSSL vulnerabilitiesIBM AIX 6.1IBM AIX 7.1OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDMultiple OpenSSL vulnerabilitiesIBM AIX 6.1IBM AIX 7.1Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in AIX bindIBM AIX 6.1IBM AIX 7.1ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDMultiple vulnerabilities in the X serverIBM AIX 6.1IBM AIX 7.1Multiple integer overflows in X.Org 
Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in BINDIBM AIX 6.1IBM AIX 7.1named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.Ganesh ManalDRAFTINTERIMACCEPTEDACCEPTEDMultiple vulnerabilities in AIX BINDIBM AIX 6.1IBM AIX 7.1ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. 
NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; Jaikumar Kulkarni; INTERIM; ACCEPTED; ACCEPTED

Multiple OpenSSL vulnerabilities
IBM AIX 6.1; IBM AIX 7.1
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

"Record of death" vulnerability
IBM AIX 6.1
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Multiple OpenSSL vulnerabilities
IBM AIX 6.1; IBM AIX 7.1
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Vulnerability in ICMP packet handling
IBM AIX 6.1; IBM AIX 7.1
IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Vulnerability in AIX RPC
IBM AIX 6.1; IBM AIX 7.1
librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Multiple OpenSSL vulnerabilities
IBM AIX 6.1; IBM AIX 7.1
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Vulnerability in AIX TCP stack
IBM AIX 6.1; IBM AIX 7.1
The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Vulnerability in use of socketpair
IBM AIX 6.1; IBM AIX 7.1
The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Multiple OpenSSL vulnerabilities
IBM AIX 6.1; IBM AIX 7.1
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

DEPRECATED: Security vulnerabilities in Perl for AIX
IBM AIX 6.1; IBM AIX 7.1
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
Ganesh Manal; DRAFT; INTERIM; Ganesh Manal; DEPRECATED; DEPRECATED

Multiple OpenSSL vulnerabilities
IBM AIX 6.1; IBM AIX 7.1
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Multiple vulnerabilities in AIX BIND
IBM AIX 6.1; IBM AIX 7.1
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; Jaikumar Kulkarni; INTERIM; ACCEPTED; ACCEPTED

AIX inventory scout file deletion and symlink vulnerability
IBM AIX 6.1; IBM AIX 7.1
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Vulnerability in AIX sendmail, sendmail_ssl and
IBM AIX 6.1; IBM AIX 7.1
The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Arbitrary file overwrite symlink in libodm
IBM AIX 6.1; IBM AIX 7.1
libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Multiple vulnerabilities in the X server
IBM AIX 6.1; IBM AIX 7.1
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Multiple OpenSSL vulnerabilities
IBM AIX 6.1; IBM AIX 7.1
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Multiple OpenSSL vulnerabilities
IBM AIX 6.1; IBM AIX 7.1
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Vulnerability in LDAP Authentication
IBM AIX 6.1; IBM AIX 7.1
The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Multiple vulnerabilities in AIX BIND
IBM AIX 6.1; IBM AIX 7.1
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
Ganesh Manal; DRAFT; INTERIM; ACCEPTED; Jaikumar Kulkarni; INTERIM; ACCEPTED; ACCEPTED

Vulnerability in AIX bind
IBM AIX 5.3; IBM AIX 6.1; IBM AIX 7.1
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED; ACCEPTED

AIX ftp vulnerability
IBM AIX 6.1; IBM AIX 7.1
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED; ACCEPTED

Multiple OpenSSL vulnerabilities
IBM AIX 5.3; IBM AIX 6.1; IBM AIX 7.1
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Chandan M C; DRAFT; Chandan M C; INTERIM; ACCEPTED; ACCEPTED

tftp Security Vulnerability
IBM AIX 6.1; IBM AIX 7.1
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED; ACCEPTED

AIX OpenSSH Vulnerability
IBM AIX 5.3; IBM AIX 6.1; IBM AIX 7.1
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED; ACCEPTED

Perl Digest Module Code Injection Vulnerability
IBM AIX 5.3; IBM AIX 6.1; IBM AIX 7.1
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED; ACCEPTED

IBM AIX 6100-05 is installed
IBM AIX 6.1
The operating system installed on the system is IBM AIX version 6100-05.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Multiple OpenSSL vulnerabilities
IBM AIX 5.3; IBM AIX 6.1; IBM AIX 7.1
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.
Chandan M C; DRAFT; Chandan M C; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 6.1 is installed
IBM AIX 6.1
The operating system installed on the system is IBM AIX 6.1.
Michael Wood; Michael Wood; DRAFT; Michael Wood; INTERIM; ACCEPTED; Chandan M C; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 7.1 is installed
IBM AIX 7.1
The operating system installed on the system is IBM AIX 7.1.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED

Vulnerability in AIX inet
IBM AIX 6.1; IBM AIX 7.1
The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED; ACCEPTED

Security Vulnerabilities in AIX InfiniBand
IBM AIX 6.1; IBM AIX 7.1
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 6100-06 is installed
IBM AIX 6.1
The operating system installed on the system is IBM AIX version 6100-06.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 7100-00 is installed
IBM AIX 7.1
The operating system installed on the system is IBM AIX version 7100-00.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED

AIX printer commands vulnerability
IBM AIX 5.3; IBM AIX 6.1; IBM AIX 7.1
Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 7100-02 is installed
IBM AIX 7.1
The operating system installed on the system is IBM AIX version 7100-02.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 6100-08 is installed
IBM AIX 6.1
The operating system installed on the system is IBM AIX version 6100-08.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 6100-07 is installed
IBM AIX 6.1
The operating system installed on the system is IBM AIX version 6100-07.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 7100-01 is installed
IBM AIX 7.1
The operating system installed on the system is IBM AIX version 7100-01.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 5300-12 is installed
IBM AIX 5.3
The operating system installed on the system is IBM AIX version 7100-02.
Chandan M C; DRAFT; INTERIM; ACCEPTED; ACCEPTED

AIX security vulnerabilities in sa_snap
IBM AIX 5.3; IBM AIX 6.1
Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors.
Yamini Mohan R; DRAFT; INTERIM; ACCEPTED; ACCEPTED

AIX xntpd denial-of-service vulnerability
IBM AIX 5.3; IBM AIX 6.1
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
Yamini Mohan R; DRAFT; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 5300-08 is installed
IBM AIX 5.3
The operating system installed on the system is IBM AIX version 5300-08.
Michael Wood; DRAFT; INTERIM; ACCEPTED; ACCEPTED

AIX rpc.pcnfsd integer overflow vulnerability.
IBM AIX 5.3; IBM AIX 6.1
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
Varun Narula; DRAFT; INTERIM; ACCEPTED; R, Yamini Mohan; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 5300-09 is installed
IBM AIX 5.3
The operating system installed on the system is IBM AIX version 5300-09.
Aharon Chernin; DRAFT; INTERIM; ACCEPTED; ACCEPTED

AIX qoslist buffer overflow vulnerability.
IBM AIX 6.1
Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
Varun Narula; DRAFT; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 6100-01 is installed
IBM AIX 6.1
The operating system installed on the system is IBM AIX version 6100-01.
Aharon Chernin; DRAFT; Aharon Chernin; INTERIM; ACCEPTED; ACCEPTED

Vulnerability with DNSSEC validation enabled in BIND.
IBM AIX 6.1
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
Varun Narula; DRAFT; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 6100-04 is installed
IBM AIX 6.1
The operating system installed on the system is IBM AIX version 6100-04.
J. Daniel Brown; DRAFT; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 6100-03 is installed
IBM AIX 6.1
The operating system installed on the system is IBM AIX version 6100-03.
J. Daniel Brown; DRAFT; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 6100-02 is installed
IBM AIX 6.1
The operating system installed on the system is IBM AIX version 6100-02.
Aharon Chernin; DRAFT; Aharon Chernin; INTERIM; ACCEPTED; ACCEPTED

AIX OpenSSL session renegotiation vulnerability
IBM AIX 5.2; IBM AIX 5.3; IBM AIX 6.1
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Yamini Mohan R; DRAFT; INTERIM; ACCEPTED; ACCEPTED

IBM AIX 5.3 is installed
IBM AIX 5.3
The operating system installed on the system is IBM AIX 5.3.
Yuzheng Zhou; DRAFT; INTERIM; ACCEPTED; Michael Wood; INTERIM; Michael Wood; ACCEPTED; ACCEPTED

IBM AIX 5.2 is installed
IBM AIX 5.2
The operating system installed on the system is IBM AIX 5.2.
Yuzheng Zhou; DRAFT; INTERIM; ACCEPTED; Michael Wood; INTERIM; Michael Wood; ACCEPTED; ACCEPTED