===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.1525
      Security Bulletin: Unauthorized access exposure on IBM SAN Volume
             Controller and Storwize Family (CVE-2013-2251 CVE-2013-2248
      CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965)
                              24 October 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Flex System V7000
                   IBM Storwize V3500 (2071)
                   IBM Storwize V3700 (2072)
                   IBM Storwize V5000
                   SAN Volume Controller
Publisher:         IBM
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Reduced Security                -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134
                   CVE-2013-2115 CVE-2013-1966 CVE-2013-1965
Reference:         ASB-2013.0113

Original Bulletin:
   http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004481

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller
and Storwize Family (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134
CVE-2013-2115 CVE-2013-1966 CVE-2013-1965)

Flash (Alert)

Document information

IBM Storwize V7000 (2076) 7.1
Version:             6.1, 6.2, 6.3, 6.4, 7.1
Operating system(s): IBM Storwize V7000
Reference #:         S1004481
Modified date:       2013-10-22

Abstract

Administrative access to the system via the IP interface may be obtained
without authentication.

Content

VULNERABILITY DETAILS:

CVEID: CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115
       CVE-2013-1966 CVE-2013-1965

DESCRIPTION: The vulnerabilities can be exploited by a user with access to the
system's management IP interface using vulnerabilities in the Apache Struts
component.
If successful, the user can gain access with superuser privilege, which will
allow any modification to the configuration, including complete deletion.

CVE-2013-2251
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85756 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2013-2248
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85755 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE-2013-2135
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84763 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2013-2134
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84762 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2013-2115
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84543 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2013-1966
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84542 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2013-1965
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85573 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

AFFECTED PRODUCTS AND VERSIONS:

IBM SAN Volume Controller
IBM Storwize V7000
IBM Storwize V5000
IBM Storwize V3500
IBM Storwize V3700
IBM Flex System V7000

All products are affected when running a code level below 7.1.0.5.

REMEDIATION:

For IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500 and
IBM Flex System V7000, install PTF level 7.1.0.5 for SAN Volume Controller or
7.1.0.5 for Storwize V7000.
Workaround(s) & Mitigation(s):

Access to the system's IP interface can be restricted, for example using a
private network or firewall technology. Only users with access to the IP
interface can exploit the vulnerability.

REFERENCES:

- Complete CVSS Guide
- On-line Calculator V2

RELATED INFORMATION:

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

ACKNOWLEDGEMENT

None

CHANGE HISTORY

16 October 2013: Original Copy Published

Cross reference information

Segment                 Product                    Component  Platform               Version                   Edition
Disk Storage Systems    Flex System V7000          7.1        Platform Independent   6.4, 7.1
Disk Storage Systems    IBM Storwize V3500 (2071)  7.1        Platform Independent   6.4, 7.1
Disk Storage Systems    IBM Storwize V3700 (2072)  7.1        Platform Independent   6.4, 7.1
Disk Storage Systems    IBM Storwize V5000         7.1        Platform Independent   7.1
Storage Virtualization  SAN Volume Controller      7.1        SAN Volume Controller  6.1, 6.2, 6.3, 6.4, 7.1

Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide. Other product and
service names might be trademarks of IBM or other companies. A current list of
IBM trademarks is available on the Web at "Copyright and trademark information"
at www.ibm.com/legal/copytrade.shtml.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may arise
from following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST). On call after hours for member
                emergencies only.
===========================================================================