-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2017.0179
           Security Advisory: Oracle Sun Systems Products Suite
                              18 October 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Oracle Sun Systems Products Suite
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Modify Arbitrary Files   -- Remote/Unauthenticated
                      Denial of Service        -- Remote/Unauthenticated
                      Access Confidential Data -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-10275 CVE-2017-10265 CVE-2017-10260
                      CVE-2017-10194 CVE-2017-10099 CVE-2017-3588
                      CVE-2016-7431 CVE-2016-6304 
Member content until: Friday, November 17 2017
Reference:            ASB-2017.0164
                      ASB-2017.0115
                      ESB-2016.2239.2
                      ESB-2016.2238

OVERVIEW

        Multiple vulnerabilities have been identified in 
         Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S
          Servers, versions prior to XCP2340 and prior to XCP3030
         Oracle Integrated Lights Out Manager (ILOM), versions
          prior to  3.2.6
         Solaris Cluster, versions  3.3,  4.3
         SPARC Enterprise M3000, M4000, M5000, M8000, M9000
          Servers, versions prior to XCP 1123
         SPARC M7, T7, S7 based Servers, versions prior to 9.7.6.b
         Sun ZFS Storage Appliance Kit (AK), version AK 2013
        [1]


IMPACT

        The vendor has provided the following information regarding
        the vulnerabilities:
        
        "This Critical Patch Update contains 10 new security fixes
        for the Oracle Sun Systems Products Suite.   6 of these
        vulnerabilities may be remotely exploitable without
        authentication,  i.e.,  may be exploited over a network
        without requiring user credentials."
        [1]
        
        "CVE-2016-6304  CVSS 7.5  AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
        
        The supported version that is affected is SCz 7.x. Easily
        exploitable vulnerability allows unauthenticated attacker
        with network access via TLS to compromise Oracle
        Communications Unified Session Manager.  Successful attacks
        of this vulnerability can result in unauthorized ability to
        cause a hang or frequently repeatable crash (complete DOS)
        of Oracle Communications Unified Session Manager.
        
        CVE-2017-10260  CVSS 7.5  AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
        
        The supported version that is affected is Prior to 3.2.6.
        Easily exploitable vulnerability allows unauthenticated
        attacker with network access via HTTP to compromise Oracle
        Integrated Lights Out Manager (ILOM).  Successful attacks of
        this vulnerability can result in unauthorized ability to
        cause a hang or frequently repeatable crash (complete DOS)
        of Oracle Integrated Lights Out Manager (ILOM).
        
        CVE-2016-6304  CVSS 7.5  AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
        
        The supported version that is affected is SCz 7.x. Easily
        exploitable vulnerability allows unauthenticated attacker
        with network access via TLS to compromise Oracle
        Communications Unified Session Manager.  Successful attacks
        of this vulnerability can result in unauthorized ability to
        cause a hang or frequently repeatable crash (complete DOS)
        of Oracle Communications Unified Session Manager.
        
        CVE-2017-10265  CVSS 7.3  AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
        
        The supported version that is affected is Prior to 3.2.6.
        Easily exploitable vulnerability allows unauthenticated
        attacker with network access via HTTP to compromise Oracle
        Integrated Lights Out Manager (ILOM).  Successful attacks of
        this vulnerability can result in  unauthorized update,
        insert or delete access to some of Oracle Integrated Lights
        Out Manager (ILOM) accessible data as well as  unauthorized
        read access to a subset of Oracle Integrated Lights Out
        Manager (ILOM) accessible data and unauthorized ability to
        cause a partial denial of service (partial DOS) of Oracle
        Integrated Lights Out Manager (ILOM).
        
        CVE-2017-3588  CVSS 7.3  AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
        
        Supported versions that are affected are 3.3 and  4.3.
        Easily exploitable vulnerability allows unauthenticated
        attacker with logon to the infrastructure where Solaris
        Cluster executes to compromise Solaris Cluster.  Successful
        attacks require human interaction from a person other than
        the attacker. Successful attacks of this vulnerability can
        result in  unauthorized creation, deletion or modification
        access to critical data or all Solaris Cluster accessible
        data as well as  unauthorized access to critical data or
        complete access to all Solaris Cluster accessible data and
        unauthorized ability to cause a partial denial of service
        (partial DOS) of Solaris Cluster.
        
        CVE-2016-7431  CVSS 5.3  AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
        
        Supported versions that are affected are Prior to XCP2340
        and Prior to XCP3030. Easily exploitable vulnerability
        allows unauthenticated attacker with network access via NTP
        to compromise Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2,
        M12-2S Servers.  Successful attacks of this vulnerability
        can result in  unauthorized update, insert or delete access
        to some of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2,
        M12-2S Servers accessible data.
        
        CVE-2016-7431  CVSS 5.3  AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
        
        Supported versions that are affected are Prior to XCP2340
        and Prior to XCP3030. Easily exploitable vulnerability
        allows unauthenticated attacker with network access via NTP
        to compromise Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2,
        M12-2S Servers.  Successful attacks of this vulnerability
        can result in  unauthorized update, insert or delete access
        to some of Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2,
        M12-2S Servers accessible data.
        
        CVE-2017-10275  CVSS 5.0  AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
        
        The supported version that is affected is AK 2013. Easily
        exploitable vulnerability allows low privileged attacker
        with logon to the infrastructure where Sun ZFS Storage
        Appliance Kit (AK) executes to compromise Sun ZFS Storage
        Appliance Kit (AK).  Successful attacks require human
        interaction from a person other than the attacker.
        Successful attacks of this vulnerability can result in
        unauthorized ability to cause a hang or frequently
        repeatable crash (complete DOS) of Sun ZFS Storage Appliance
        Kit (AK).
        
        CVE-2017-10099  CVSS 4.4  AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
        
        The supported version that is affected is Prior to 9.7.6.b.
        Easily exploitable vulnerability allows high privileged
        attacker with logon to the infrastructure where SPARC M7,
        T7, S7 based Servers executes to compromise SPARC M7, T7, S7
        based Servers.  Successful attacks of this vulnerability can
        result in unauthorized ability to cause a hang or frequently
        repeatable crash (complete DOS) of SPARC M7, T7, S7 based
        Servers.
        
        CVE-2017-10194  CVSS 2.7  AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
        
        The supported version that is affected is Prior to 3.2.6.
        Easily exploitable vulnerability allows high privileged
        attacker with network access via HTTP to compromise Oracle
        Integrated Lights Out Manager (ILOM).  Successful attacks of
        this vulnerability can result in  unauthorized read access
        to a subset of Oracle Integrated Lights Out Manager (ILOM)
        accessible data."
        [2]


MITIGATION

        Oracle states:
        
        "Due to the threat posed by a successful attack, Oracle
        strongly recommends that customers apply CPU fixes as soon
        as possible. Until you apply the CPU fixes, it may be
        possible to reduce the risk of successful attack by blocking
        network protocols required by an attack. For attacks that
        require certain privileges or access to certain packages,
        removing the privileges or the ability to access the
        packages from users that do not need the privileges may help
        reduce the risk of successful attack. Both approaches may
        break application functionality, so Oracle strongly
        recommends that customers test changes on non-production
        systems. Neither approach should be considered a long-term
        solution as neither corrects the underlying problem." [1]


REFERENCES

        [1] Oracle Critical Patch Update Advisory - October 2017
            http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

        [2] Text Form of Oracle Critical Patch Update - October 2017 Risk
            Matrices
            http://www.oracle.com/technetwork/security-advisory/cpuoct2017verbose-3236627.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWebdQ4x+lLeg9Ub1AQgmORAAqkOpEGR3IuG4R9XvZ4K8y66Itrj76Vl/
VUAekrHDp7mjQENXxH1ckXc8hJxUMcNgh//isPLcyyCMJmmyATbxPQ08OkOMwyrb
k4qr4Ezrl84dVVZyRsNBOchxeQsfj9o9pkO8hZ2x9NLvRFmS0UakHejy61l0xmNo
3p5WQCuyPlj0nA5puutD3lCvw9E6TxPVD9LNNGUV0pXN2VeAvwK6T8SLYjZcMIHN
cH7w57J0q5rLIMa2BXgm20nrxD2FwXh2g2niW/ybc8DXXG0Cuy3Mosc1qjNTj3Zk
SI5kCmkQv3t3B2ZGVwEjXmsi7/REabt0rXiP2jOJDv2X0s6HFSJsayEapso3AmYY
ok9DgaNyykPWZC6aRH+4a21gYcEOZCe2GQDAVd3I/pvuOV6O7k/jmmwkTz0E0bNb
+cf+teRuR+So8XeLHNLvIY2S4SUhBGjE6gNN6BxUMHbtkE4p9Nc/+uHlGpMy4N+N
S+qTR3B9zWpil4+mXlroYci8i0/b7nyEcDIkf/TFMPv01j5VIM8OByahGSU9swqx
jMqkanMjUb81pQ7DVr8BSTcQGN+LcFyElvdNxG6BFzCe1/H/qWmmb35BzCFrbG/R
QnQfdnbAgmPkbkpXeWEHZQoKdOz7EQr30wReNfmKMxHcdGwcmM/UdSux93GJ5/6w
pC5HEuLIqZg=
=I3ev
-----END PGP SIGNATURE-----