CVE-2008-1594

Name of the Vulnerable Software and Affected Versions IBM AIX versions 5.2 through 5.3

Description The issue arises from improper handling of resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes. This allows local users of one node to cause a denial of service by crashing a remote node. The denial of service can be triggered by using commands such as chfs or lreducelv to reduce a filesystem's size.

Recommendations For IBM AIX versions 5.2 and 5.3, consider restricting access to the chfs and lreducelv commands to prevent unauthorized users from reducing a filesystem's size and causing a denial of service. Additionally, avoid using these commands to resize JFS2 filesystems on concurrent volume groups spread across multiple nodes until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.