-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.1525
     Security Bulletin: Unauthorized access exposure on IBM SAN Volume
 Controller and Storwize Family (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135
         CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965)
                              24 October 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Flex System V7000
                   IBM Storwize V3500 (2071)
                   IBM Storwize V3700 (2072)
                   IBM Storwize V5000
                   SAN Volume Controller
Publisher:         IBM
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Reduced Security                -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-2251 CVE-2013-2248 CVE-2013-2135
                   CVE-2013-2134 CVE-2013-2115 CVE-2013-1966
                   CVE-2013-1965  

Reference:         ASB-2013.0113

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004481

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller 
and Storwize Family (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 
CVE-2013-2115 CVE-2013-1966 CVE-2013-1965)

Flash (Alert)

Document information

Product:             IBM Storwize V7000 (2076)
Component:           7.1
Version:             6.1, 6.2, 6.3, 6.4, 7.1
Operating system(s): IBM Storwize V7000
Reference #:         S1004481
Modified date:       2013-10-22

Abstract

Administrative access to the system via the IP interface may be obtained 
without authentication.

Content

VULNERABILITY DETAILS:

CVEID: CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 
CVE-2013-1966 CVE-2013-1965

DESCRIPTION:
The vulnerabilities are in the Apache Struts component used by the system's 
management IP interface. Anyone who can reach that interface over the network 
can exploit them; no credentials are required (every CVSS vector below carries 
Au:N). A successful attacker obtains superuser privilege on the system and can 
make any change to the configuration, including deleting it entirely.

CVE-2013-2251
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85756 for the 
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2013-2248
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85755 for the 
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVE-2013-2135
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84763 for the 
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2013-2134
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84762 for the 
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2013-2115
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84543 for the 
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2013-1966
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84542 for the 
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-2013-1965
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85573 for the 
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

AFFECTED PRODUCTS AND VERSIONS:

IBM SAN Volume Controller
IBM Storwize V7000
IBM Storwize V5000
IBM Storwize V3500
IBM Storwize V3700
IBM Flex System V7000

All of the listed products are affected when running a code level below 7.1.0.5.
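The fix line "below 7.1.0.5" is easy to get wrong in an inventory check, because a string comparison ranks 7.1.0.10 below 7.1.0.5. The script below is an added example for this bulletin, not IBM's or AusCERT's code: it parses four-part code levels, tolerates a trailing "(build ...)" suffix, and reports which systems in a constructed inventory still need the PTF. The "name | product | code level" inventory format and the build-suffix shape are assumptions; adapt them to however your own inventory records the code level.

```python
"""Flag IBM SVC/Storwize systems running a code level below the fixed level.

Added example for ESB-2013.1525 (not IBM's or AusCERT's code). The inventory
lines below are constructed; the "x.y.z.w (build ...)" shape is an assumption
about how a code level is recorded and must be adapted to your own inventory.
"""
import re
from typing import List, Optional, Tuple

# Fix level from the bulletin: anything below this is affected.
FIXED_LEVEL = "7.1.0.5"

# Products named in the bulletin; anything else is reported as not listed.
AFFECTED_PRODUCTS = {
    "SAN Volume Controller",
    "Storwize V7000",
    "Storwize V5000",
    "Storwize V3500",
    "Storwize V3700",
    "Flex System V7000",
}

# Four dotted integers, optionally followed by "(build ...)" (assumed shape).
_LEVEL_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)(?:\s*\(build[^)]*\))?\s*$")


def parse_level(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Parse "7.1.0.5" or "7.1.0.5 (build 80.6.0000000000)" into an int tuple.

    Integer tuples compare correctly; a plain string comparison would rank
    "7.1.0.10" below "7.1.0.5", which is exactly the mistake that leaves a
    patched system reported as vulnerable, or worse, the reverse.
    """
    m = _LEVEL_RE.match(text)
    if not m:
        return None
    a, b, c, d = (int(g) for g in m.groups())
    return (a, b, c, d)


def is_vulnerable(level: str, fixed: str = FIXED_LEVEL) -> Optional[bool]:
    """True if level < fixed, False if at or above, None if unparseable."""
    parsed, target = parse_level(level), parse_level(fixed)
    if parsed is None or target is None:
        return None
    return parsed < target


def assess_inventory(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (system name, product, verdict) for each inventory line.

    Verdicts: VULNERABLE, FIXED, NOT_LISTED (product not in the bulletin),
    UNPARSEABLE (code level could not be read; treat as needing a manual check).
    """
    results = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, product, level = (f.strip() for f in line.split("|", 2))
        if product not in AFFECTED_PRODUCTS:
            verdict = "NOT_LISTED"
        else:
            v = is_vulnerable(level)
            verdict = "UNPARSEABLE" if v is None else ("VULNERABLE" if v else "FIXED")
        results.append((name, product, verdict))
    return results


# Constructed sample inventory (not real systems or real build numbers).
SAMPLE_INVENTORY = """
# name      | product                | code level
svc-prod-1  | SAN Volume Controller  | 6.4.1.4 (build 75.3.0000000000)
v7k-dc2     | Storwize V7000         | 7.1.0.5 (build 80.6.0000000000)
v7k-dc3     | Storwize V7000         | 7.1.0.10
v3700-lab   | Storwize V3700         | 7.1.0.3
flex-a      | Flex System V7000      | 7.1.0.5
ds8k-old    | DS8000                 | 7.5.2.12
v5k-new     | Storwize V5000         | unknown
""".splitlines()


if __name__ == "__main__":
    for name, product, verdict in assess_inventory(SAMPLE_INVENTORY):
        print(f"{verdict:12} {name:12} {product}")
```

Systems reported as UNPARSEABLE should be checked by hand rather than assumed fixed; an inventory field that does not look like a code level is more often a stale record than a patched system.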

REMEDIATION:

For IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, and 
IBM Flex System V7000, install PTF level 7.1.0.5 (the SAN Volume Controller or 
the Storwize V7000 release of 7.1.0.5, as appropriate for the product).

Workaround(s) & Mitigation(s):

Restrict network access to the system's IP interface, for example by placing 
it on a private management network or filtering it with a firewall. Only users 
who can reach the IP interface can exploit the vulnerabilities, so this limits 
exposure until the PTF is installed; it does not remove the vulnerable Struts 
component and is not a substitute for the upgrade.

REFERENCES:
- - Complete CVSS Guide
- - On-line Calculator V2

RELATED INFORMATION:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

ACKNOWLEDGEMENT

None

CHANGE HISTORY
16 October 2013: Original Copy Published

Cross reference information 

Segment                 Product                    Component  Platform               Version                  Edition
Disk Storage Systems    Flex System V7000          7.1        Platform Independent   6.4, 7.1
Disk Storage Systems    IBM Storwize V3500 (2071)  7.1        Platform Independent   6.4, 7.1
Disk Storage Systems    IBM Storwize V3700 (2072)  7.1        Platform Independent   6.4, 7.1
Disk Storage Systems    IBM Storwize V5000         7.1        Platform Independent   7.1
Storage Virtualization  SAN Volume Controller      7.1        SAN Volume Controller  6.1, 6.2, 6.3, 6.4, 7.1


Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business 
Machines Corp., registered in many jurisdictions worldwide. Other product
and service names might be trademarks of IBM or other companies. A current 
list of IBM trademarks is available on the Web at "Copyright and trademark 
information" at www.ibm.com/legal/copytrade.shtml.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----