-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0176
           Security Advisory: Oracle Sun Systems Products Suite
                               18 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Oracle Sun Systems Products Suite
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                      Modify Arbitrary Files          -- Remote/Unauthenticated      
                      Denial of Service               -- Remote/Unauthenticated      
                      Access Confidential Data        -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-3057 CVE-2018-2937 CVE-2018-2932
                      CVE-2018-2930 CVE-2018-2928 CVE-2018-2927
                      CVE-2018-2926 CVE-2018-2924 CVE-2018-2923
                      CVE-2018-2921 CVE-2018-2920 CVE-2018-2918
                      CVE-2018-2917 CVE-2018-2916 CVE-2018-2908
                      CVE-2018-2906 CVE-2018-2905 CVE-2018-2903
                      CVE-2018-2901 CVE-2018-2892 CVE-2018-1171
                      CVE-2015-7501  
Member content until: Friday, August 17 2018
Reference:            ASB-2018.0083
                      ASB-2018.0081
                      ASB-2018.0019
                      ASB-2017.0180

OVERVIEW

        Multiple vulnerabilities have been identified in 
         Hardware Management Pack, version  11.3
         Oracle SuperCluster Specific Software, versions prior to
          2.5.0
         Solaris, versions  10,  11.2,  11.3
         Solaris Cluster, versions  3.3,  4.3
         Sun ZFS Storage Appliance Kit (AK), versions prior to
          8.7.20
         Tape Library ACSLS, versions Prior to ACSLS 8.4.0-3
        [1]


IMPACT

        The vendor has provided the following information regarding
        the vulnerabilities:
        
        "This Critical Patch Update contains 22 new security fixes
        for the Oracle Sun Systems Products Suite.   10 of these
        vulnerabilities may be remotely exploitable without
        authentication,  i.e.,  may be exploited over a network
        without requiring user credentials." [1]
        
        
        
        "CVE-2018-2930
        
        9.8
        
        AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
        
        Supported versions that are affected are 3.3 and  4.3.
        Easily exploitable vulnerability allows unauthenticated
        attacker with network access via RPC to compromise Solaris
        Cluster.  Successful attacks of this vulnerability can
        result in takeover of Solaris Cluster.
        
        CVE-2015-7501
        
        8.8
        
        AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
        
        Supported versions that are affected are Prior to ACSLS
        8.4.0-3. Easily exploitable vulnerability allows low
        privileged attacker with network access via multiple
        protocols to compromise Tape Library ACSLS.  Successful
        attacks of this vulnerability can result in takeover of Tape
        Library ACSLS.
        
        CVE-2018-3057
        
        8.2
        
        AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
        
        The supported version that is affected is Prior to 8.7.18.
        Easily exploitable vulnerability allows high privileged
        attacker with logon to the infrastructure where Sun ZFS
        Storage Appliance Kit (AK) executes to compromise Sun ZFS
        Storage Appliance Kit (AK).  While the vulnerability is in
        Sun ZFS Storage Appliance Kit (AK), attacks may
        significantly impact additional products.  Successful
        attacks of this vulnerability can result in takeover of Sun
        ZFS Storage Appliance Kit (AK).
        
        CVE-2018-2928
        
        8.1
        
        AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
        
        The supported version that is affected is 11.3. Easily
        exploitable vulnerability allows unauthenticated attacker
        with network access via multiple protocols to compromise
        Solaris.  Successful attacks require human interaction from
        a person other than the attacker. Successful attacks of this
        vulnerability can result in  unauthorized creation, deletion
        or modification access to critical data or all Solaris
        accessible data as well as  unauthorized access to critical
        data or complete access to all Solaris accessible data.
        
        CVE-2018-2892
        
        7.8
        
        AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
        
        Supported versions that are affected are 10 and  11.3.
        Easily exploitable vulnerability allows low privileged
        attacker with logon to the infrastructure where Solaris
        executes to compromise Solaris.  Successful attacks of this
        vulnerability can result in takeover of Solaris.
        
        CVE-2018-2908
        
        7.7
        
        AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
        
        The supported version that is affected is 11.3. Easily
        exploitable vulnerability allows low privileged attacker
        with network access via RPC to compromise Solaris.  While
        the vulnerability is in Solaris, attacks may significantly
        impact additional products.  Successful attacks of this
        vulnerability can result in unauthorized ability to cause a
        hang or frequently repeatable crash (complete DOS) of
        Solaris.
        
        CVE-2018-2926
        
        7.6
        
        AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
        
        The supported version that is affected is 11.3. Easily
        exploitable vulnerability allows low privileged attacker
        with network access via ISCSI to compromise Solaris.
        Successful attacks of this vulnerability can result in
        unauthorized ability to cause a hang or frequently
        repeatable crash (complete DOS) of Solaris as well as
        unauthorized update, insert or delete access to some of
        Solaris accessible data and  unauthorized read access to a
        subset of Solaris accessible data.
        
        CVE-2018-2918
        
        7.5
        
        AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
        
        The supported version that is affected is Prior to 8.7.18.
        Difficult to exploit vulnerability allows unauthenticated
        attacker with network access via multiple protocols to
        compromise Sun ZFS Storage Appliance Kit (AK).  Successful
        attacks require human interaction from a person other than
        the attacker. Successful attacks of this vulnerability can
        result in takeover of Sun ZFS Storage Appliance Kit (AK).
        
        CVE-2018-2920
        
        7.4
        
        AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
        
        The supported version that is affected is Prior to 8.7.19.
        Easily exploitable vulnerability allows low privileged
        attacker with network access via multiple protocols to
        compromise Sun ZFS Storage Appliance Kit (AK).  While the
        vulnerability is in Sun ZFS Storage Appliance Kit (AK),
        attacks may significantly impact additional products.
        Successful attacks of this vulnerability can result in
        unauthorized update, insert or delete access to some of Sun
        ZFS Storage Appliance Kit (AK) accessible data as well as
        unauthorized read access to a subset of Sun ZFS Storage
        Appliance Kit (AK) accessible data and unauthorized ability
        to cause a partial denial of service (partial DOS) of Sun
        ZFS Storage Appliance Kit (AK).
        
        CVE-2018-2932
        
        7.1
        
        AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H
        
        The supported version that is affected is Prior to 2.5.0.
        Difficult to exploit vulnerability allows unauthenticated
        attacker with network access via multiple protocols to
        compromise Oracle SuperCluster Specific Software.
        Successful attacks require human interaction from a person
        other than the attacker. Successful attacks of this
        vulnerability can result in  unauthorized access to critical
        data or complete access to all Oracle SuperCluster Specific
        Software accessible data as well as  unauthorized update,
        insert or delete access to some of Oracle SuperCluster
        Specific Software accessible data and unauthorized ability
        to cause a hang or frequently repeatable crash (complete
        DOS) of Oracle SuperCluster Specific Software.
        
        CVE-2018-1171
        
        7.0
        
        AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
        
        Supported versions that are affected are 10 and  11.3.
        Difficult to exploit vulnerability allows low privileged
        attacker with logon to the infrastructure where Solaris
        executes to compromise Solaris.  Successful attacks of this
        vulnerability can result in takeover of Solaris.
        
        CVE-2018-2921
        
        5.8
        
        AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
        
        The supported version that is affected is Prior to 8.7.18.
        Easily exploitable vulnerability allows unauthenticated
        attacker with network access via HTTP to compromise Sun ZFS
        Storage Appliance Kit (AK).  While the vulnerability is in
        Sun ZFS Storage Appliance Kit (AK), attacks may
        significantly impact additional products.  Successful
        attacks of this vulnerability can result in  unauthorized
        read access to a subset of Sun ZFS Storage Appliance Kit
        (AK) accessible data.
        
        CVE-2018-2924
        
        5.7
        
        AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
        
        The supported version that is affected is Prior to 8.7.18.
        Easily exploitable vulnerability allows high privileged
        attacker with logon to the infrastructure where Sun ZFS
        Storage Appliance Kit (AK) executes to compromise Sun ZFS
        Storage Appliance Kit (AK).  While the vulnerability is in
        Sun ZFS Storage Appliance Kit (AK), attacks may
        significantly impact additional products.  Successful
        attacks of this vulnerability can result in  unauthorized
        update, insert or delete access to some of Sun ZFS Storage
        Appliance Kit (AK) accessible data as well as  unauthorized
        read access to a subset of Sun ZFS Storage Appliance Kit
        (AK) accessible data and unauthorized ability to cause a
        partial denial of service (partial DOS) of Sun ZFS Storage
        Appliance Kit (AK).
        
        CVE-2018-2937
        
        5.3
        
        AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
        
        The supported version that is affected is Prior to 8.7.19.
        Easily exploitable vulnerability allows unauthenticated
        attacker with network access via HTTP to compromise Sun ZFS
        Storage Appliance Kit (AK).  Successful attacks of this
        vulnerability can result in  unauthorized update, insert or
        delete access to some of Sun ZFS Storage Appliance Kit (AK)
        accessible data.
        
        CVE-2018-2917
        
        5.3
        
        AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
        
        The supported version that is affected is Prior to 8.7.18.
        Easily exploitable vulnerability allows unauthenticated
        attacker with network access via multiple protocols to
        compromise Sun ZFS Storage Appliance Kit (AK).  Successful
        attacks of this vulnerability can result in unauthorized
        ability to cause a partial denial of service (partial DOS)
        of Sun ZFS Storage Appliance Kit (AK).
        
        CVE-2018-2905
        
        5.3
        
        AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
        
        The supported version that is affected is Prior to 8.7.20.
        Easily exploitable vulnerability allows unauthenticated
        attacker with network access via SSL/TLS to compromise Sun
        ZFS Storage Appliance Kit (AK).  Successful attacks of this
        vulnerability can result in  unauthorized read access to a
        subset of Sun ZFS Storage Appliance Kit (AK) accessible
        data.
        
        CVE-2018-2903
        
        4.4
        
        AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
        
        Supported versions that are affected are 10 and  11.3.
        Easily exploitable vulnerability allows high privileged
        attacker with logon to the infrastructure where Solaris
        executes to compromise Solaris.  Successful attacks of this
        vulnerability can result in  unauthorized access to critical
        data or complete access to all Solaris accessible data.
        
        CVE-2018-2927
        
        4.3
        
        AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
        
        The supported version that is affected is Prior to 8.7.18.
        Easily exploitable vulnerability allows low privileged
        attacker with network access via HTTP to compromise Sun ZFS
        Storage Appliance Kit (AK).  Successful attacks of this
        vulnerability can result in  unauthorized read access to a
        subset of Sun ZFS Storage Appliance Kit (AK) accessible
        data.
        
        CVE-2018-2906
        
        3.7
        
        AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
        
        The supported version that is affected is 11.3. Difficult to
        exploit vulnerability allows unauthenticated attacker with
        network access via IPMI to compromise Hardware Management
        Pack.  Successful attacks of this vulnerability can result
        in  unauthorized read access to a subset of Hardware
        Management Pack accessible data.
        
        CVE-2018-2901
        
        3.7
        
        AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
        
        Supported versions that are affected are 10 and  11.2.
        Difficult to exploit vulnerability allows unauthenticated
        attacker with network access via DHCP to compromise Solaris.
        Successful attacks of this vulnerability can result in
        unauthorized ability to cause a partial denial of service
        (partial DOS) of Solaris.
        
        CVE-2018-2916
        
        2.7
        
        AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
        
        The supported version that is affected is Prior to 8.7.18.
        Easily exploitable vulnerability allows high privileged
        attacker with network access via multiple protocols to
        compromise Sun ZFS Storage Appliance Kit (AK).  Successful
        attacks of this vulnerability can result in unauthorized
        ability to cause a partial denial of service (partial DOS)
        of Sun ZFS Storage Appliance Kit (AK).
        
        CVE-2018-2923
        
        2.3
        
        AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
        
        The supported version that is affected is Prior to 8.7.20.
        Easily exploitable vulnerability allows high privileged
        attacker with logon to the infrastructure where Sun ZFS
        Storage Appliance Kit (AK) executes to compromise Sun ZFS
        Storage Appliance Kit (AK).  Successful attacks of this
        vulnerability can result in  unauthorized read access to a
        subset of Sun ZFS Storage Appliance Kit (AK) accessible
        data." [2]


MITIGATION

        Oracle states:
        
        "Due to the threat posed by a successful attack, Oracle
        strongly recommends that customers apply CPU fixes as soon
        as possible. Until you apply the CPU fixes, it may be
        possible to reduce the risk of successful attack by blocking
        network protocols required by an attack. For attacks that
        require certain privileges or access to certain packages,
        removing the privileges or the ability to access the
        packages from users that do not need the privileges may help
        reduce the risk of successful attack. Both approaches may
        break application functionality, so Oracle strongly
        recommends that customers test changes on non-production
        systems. Neither approach should be considered a long-term
        solution as neither corrects the underlying problem." [1]


REFERENCES

        [1] Oracle Critical Patch Update Advisory - July 2018
            http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

        [2] Text Form of Oracle Critical Patch Update - July 2018 Risk Matrices
            http://www.oracle.com/technetwork/security-advisory/cpujul2018verbose-4258253.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW07m4maOgq3Tt24GAQhMzA//S9e51Am+dgbynbOZG2HONxNYEjL+Mwe8
4vnxMMkfWWZWmYb54RVbA3sUb3qM3mDSf4jBWRJDXXHpjXlnBTiUUn59ADWutdJn
jaTvSarGqjnPRpfTUVDjCJTn4Xy361m64Y/IdKDxQYVSveDmnpts/wzaVVeG087O
xhPXU2s9FAF16Tb10rL0VE88xQDU+ClpPOLs0KyJFlv2DfCcnH+KYK1AStPalW/2
RfGhRibHc18OfrtyPGjNFk9IDSmPm8L5riWo1YalDoQ0CUQbvSYAlIvq+yR4wfMd
7mRPgTO3eZCw7Ug7a9tQUB32G3hr0fbdO3C2glBMsW6Ai6hACFe6Abe+8QvvjfoU
17+MTWI5LcgUCW41sShDUh9bJquV8PDhc7TgyqJcW/Q/nM58ctuMUgGdy/NRG4sB
jWraHIEDvuszRlg8BQxiqCaWm5I03Qe15i03nv9Jm0HgrVru2RMB6LRBNzCLO2MX
L1hS9RE+xG7CzkfYStFBpaXX/TfWZXQYOtzp0/pT/FZRuBTLoV2AWIod8QKAnaKB
aTSx+hH4aGKOYt5BtwnVjnMbsMmYYPvzGV1/oQB0KqvqSr0v5bzP0uZexfMkQwLh
LGKnV//X0PcphQePyDOKL+jkZbTn1mnauw2eKkJP0I40oycBGKEH/swBFSNRmfz8
A2gd+u9hT0s=
=h3aX
-----END PGP SIGNATURE-----