Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0537
Security Bulletin: IBM Security Virtual Server Protection for VMware System
can be affected by vulnerabilities in OpenSSL
16 April 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM Security Virtual Server Protection
Publisher: IBM
Operating System: Network Appliance
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2012-2131 CVE-2012-2110 CVE-2012-1165
CVE-2011-4619 CVE-2011-4576 CVE-2011-1473
CVE-2006-7250
Reference: ESB-2012.0732
ESB-2012.0606
ESB-2012.0532
ESB-2012.0480
ESB-2012.0408
ESB-2012.0389
ESB-2012.0388
ESB-2012.0027
Original Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg21631322
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Bulletin: IBM Security Virtual Server Protection for VMware System
can be affected by vulnerabilities in OpenSSL (CVE-2011-1473, CVE-2011-4576,
CVE-2011-4619, CVE-2012-2131 and CVE-2012-1165)
Flash (Alert)
Document information
IBM Security Virtual Server Protection for VMware
Software version:
1.1, 1.1.0.1
Operating system(s):
Firmware
Reference #:
1631322
Modified date:
2013-04-12
Abstract
IBM Security Virtual Server Protection for VMware System can be affected by
several vulnerabilities in OpenSSL. These vulnerabilities include obtaining
sensitive information, denial of service and code execution vulnerabilities
that could be exploited remotely by an attacker.
Content
VULNERABILITY DETAILS
The following information was provided by OpenSSL. In the case of IBM Security
Virtual Server Protection for VMware System the Local Management Interface,
SSH and the security management network ports are affected by the
vulnerabilities with the exception of CVE-2011-1473 and CVE-2012-2131 which
only affect the Local Management Interface. Further, for each vulnerability
identified below, no authentication is required, the vulnerability is remotely
exploitable, and no specialized knowledge is required.
CVE-ID: CVE-2011-1473
DESCRIPTION:
Multiple implementations of the Transport Layer Security (TLS) protocol,
including SSL, are vulnerable to a denial of service. By initiating multiple
SSL renegotiation handshakes or by initiating many SSL connections, a remote
attacker could exploit this vulnerability to utilize CPU resources.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/71068 for the
current score CVSS
Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2011-4576
DESCRIPTION:
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does
not properly initialize data structures for block cipher padding, which might
allow remote attackers to obtain sensitive information by decrypting the
padding data sent by an SSL peer.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/72130 for the
current score CVSS
Environmental Score*: Undefined
CVSS Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE-ID: CVE-2011-4619
DESCRIPTION:
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s
and 1.x before 1.0.0f does not properly handle handshake restarts, which
allows remote attackers to cause a denial of service (CPU consumption) via
unspecified vectors.
CVSS Base Score: 4.3 CVSS Temporal Score: See
http://xforce.iss.net/xforce/xfdb/72132 for the current score CVSS
Environmental Score*: Undefined CVSS Vector (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE ID: CVE-2012-2131
DESCRIPTION:
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v
allow remote attackers to conduct buffer overflow attacks, and cause a denial
of service (memory corruption) or possibly have unspecified other impact, via
crafted DER data, as demonstrated by an X.509 certificate or an RSA public
key. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2012-2110.
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/75099 for the
current score CVSS
Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE ID: CVE-2012-1165
DESCRIPTION:
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u
and 1.x before 1.0.0h allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via a crafted S/MIME message,
a different vulnerability than CVE-2006-7250.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74100 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
AFFECTED PRODUCTS AND VERSIONS:
Products: IBM Security Virtual Server Protection for VMware (VSP) Versions:
1.1.0.0, 1.1.0.1
REMEDIATION:
The following IBM Threat Fixpacks have the fixes for these vulnerabilities.
1.1.0.0-ISS-VSP-FP002 for IBM Security Virtual Server Protection for VMware
System products at version 1.1.0.0 1.1.0.1-ISS-VSP-host-svm-FP002 for IBM
Security Virtual Server Protection for VMware System products at version
1.1.0.1
IBM Security Virtual Server Protection for VMware System users on version 1.0
should upgrade to version 1.1.0.0, with fixpack 1.1.0.0-ISS-VSP-FP002, or
version 1.1.0.1, with fixpack 1.1.0.1-ISS-VSP-host-svm-FP002, or later.
Contact IBM Security Systems Support
(http://www-947.ibm.com/support/entry/portal/overview) to upgrade to the above
required Fixpacks.
Workaround(s): None
Mitigation(s): None
REFERENCES:
Complete CVSS Guide
On-line Calculator V2
CVE-2011-1473
CVE-2012-2131
CVE-2011-4576
CVE-2011-4619
CVE-2012-1165
http://xforce.iss.net/xforce/xfdb/71068
http://xforce.iss.net/xforce/xfdb/72130
http://xforce.iss.net/xforce/xfdb/72132
http://xforce.iss.net/xforce/xfdb/75099
http://xforce.iss.net/xforce/xfdb/74100
RELATED INFORMATION:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
ACKNOWLEDGEMENT
None
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Flash.
Note: According to the Forum of Incident Response and Security Teams (FIRST),
the Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUWzy7+4yVqjM2NGpAQK9gBAAwBmHmEHPQBTzfxhIccZm9LfPr+qhzbO9
2Hv3NMmCDyTiaw6LLXi6Q1QQRcCX8ERywyyYtdQ5CdHr2nyl4j+EhRyE46iAsMvK
9hEaXo+JXFBa/+ugYbAC3v8CHjjrO7NlOnwMRG3ewpxbUZ6tpoViSTC2hZDtCB8i
McYcY4PkPk1fgzThEGXsHO2WXACFRAQy3XufJNsUgh5QXgo1lQE++CJaPqj9LvNk
4OEfleqQwQjBXXvzyZrRXMDsTtdsfMIL1Cm4IQMmbDmnbjnjBsPepbpECQ0JpLHM
TJASTBof1XABPz6U4SHHd0xBnd1OufOsvF7Q1ni28ulg2DZNlbfX0mkcaAkWsmXU
/W+q7qpxkOPMV8So733xNWrPNqSJ9ouAyuHrVxbORTJLuYhJI3ho4Dpr4zqRgUjd
j+//oGS7MtqrtX9VXiYpn33eFQXSh3z6pvcTHJd6OWQI36zq2NQhLxTHe3cpKCl5
MZhCZ2kjPNhKZRM990uSDOUYqrUdw5XU8Ns/9RYiSNaZ8MLHPEV6XEih4hf/UVNE
6aFX6JFDEnLj5l9rTV+W5Ph2p5Xy+r3V7sTNyqZUAom7da3WAbwW2HGTxIjKXpXc
NHOd4Y4gWUJLrMvnfRRyFgau2oRhyEG2w2QTK1tjtOfvZTZTjC9y9fK+MDTOIn2W
x8deiMBRI50=
=kqQj
-----END PGP SIGNATURE-----