IBM AIX TCP/IP Vulnerability Lets Attackers Exploit to Launch Denial of Service Attack

IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating system that could potentially lead to denial-of-service (DoS) attacks.

The affected kernel extensions—perfstat and TCP/IPmpresent risks to systems running on AIX 7.2, AIX 7.3, VIOS 3.1, and VIOS 4.1.

The vulnerabilities are tracked under CVE-2024-47102 and CVE-2024-52906, each with a Common Vulnerability Scoring System (CVSS) base score of 5.5.

Overview of Vulnerabilities

CVE-2024-47102 and CVE-2024-52906 highlight critical vulnerabilities within the AIX operating system.

CVE-2024-47102, classified under CWE-20 (Improper Input Validation), is exploitable in the AIX perfstat kernel extension by a non-privileged local user, leading to denial of service through system crashes or process disruptions.

Similarly, CVE-2024-52906, identified in the AIX TCP/IP kernel extension, arises from a race condition (CWE-362), enabling local users to exploit the flaw and trigger DoS scenarios. Both vulnerabilities pose significant risks to system stability and security.

Affected Versions

Here is the information in a table format:

Product	Affected Version	Key Affected Fileset	Impacted Version Range
AIX 7.2	AIX 7.2.5.0 – AIX 7.3.2.1	bos.net.tcp.client_core	AIX 7.2.5.0 – AIX 7.3.2.1
AIX 7.3	AIX 7.2.5.0 – AIX 7.3.2.0	bos.perf.perfstat	AIX 7.2.5.0 – AIX 7.3.2.0
VIOS 3.1	AIX 7.2.5.0 – AIX 7.3.2.1	bos.net.tcp.client_core	AIX 7.2.5.0 – AIX 7.3.2.1
VIOS 4.1	AIX 7.2.5.0 – AIX 7.3.2.0	bos.perf.perfstat	AIX 7.2.5.0 – AIX 7.3.2.0

Remediation and Fixes

IBM strongly recommends applying the necessary fixes to mitigate these vulnerabilities. Fixes are available for affected AIX and VIOS versions.

A reboot is generally required after installation, but administrators can use Live Update in AIX 7.2 and 7.3 to avoid downtime.

1. Updating AIX and VIOS
   The fixes can be downloaded from IBM’s platform:
   AIX efixes Example interim fix packages include:

• IJ52366s6a.241113.epkg.Z (TCP/IP kernel extensions)
• IJ52533m8a.241204.epkg.Z (perfstat kernel extensions) Ensure the integrity of downloaded files using SHA-256 checksums.

Installing Fix Packages: Preview or install fixes using these commands:

• Preview Fix Installation:
  installp -a -d fix_name -p all
• Install Fix:
  installp -a -d fix_name -X all For interim fixes:
• Preview Interim Fix:
  emgr -e ipkg_name -p
• Install Interim Fix:
  emgr -e ipkg_name -X

IBM advises creating a mksysb backup of the system prior to any updates. Ensure it is bootable and readable to avoid risks during updates. No workarounds or mitigations are available for these vulnerabilities, making immediate action crucial.

IBM encourages administrators to subscribe to My Notifications to receive updates on future security bulletins:My Notifications.

These vulnerabilities highlight the importance of keeping operating systems up-to-date with the latest security patches.

By addressing CVE-2024-47102 and CVE-2024-52906, organizations can safeguard their AIX systems against potential denial-of-service attacks.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide