Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.0606
IBM PowerVC impacted by multiple vulnerabilities
13 March 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM PowerVC
Publisher: IBM
Operating System: Linux variants
Impact/Access: Access Privileged Data -- Remote/Unauthenticated
Modify Permissions -- Existing Account
Cross-site Scripting -- Remote with User Interaction
Provide Misleading Information -- Remote/Unauthenticated
Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2015-0137 CVE-2015-0136 CVE-2014-8917
CVE-2014-7821 CVE-2014-7231 CVE-2014-7230
CVE-2014-6414
Reference: ESB-2015.0591
ESB-2015.0094
ESB-2014.2273
ESB-2014.2034
Original Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020615
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020614
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020608
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020612
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020613
http://www-01.ibm.com/support/docview.wss?uid=nas8N1020611
Comment: This bulletin contains six (6) IBM security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Bulletin: IBM PowerVC May Be Impacted by XSS Vulnerabilities in Dojo
Toolkit (CVE-2014-8917)
Document information
More support for:
PowerVC Standard Edition
Software version:
1.2.0, 1.2.1, 1.2.2
Operating system(s):
Linux
Reference #:
N1020615
Modified date:
2015-03-12
Security Bulletin
Summary
PowerVC may be impacted by XSS vulnerabilities in Dojo Toolkit SWF components.
Vulnerability Details
CVE ID:
CVE-2014-8917
DESCRIPTION:
IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input. A remote attacker could exploit this
vulnerability using a specially-crafted URL to execute script in a victim's
Web browser within the security context of the hosting Web site, once the URL
is clicked.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/99303 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Affected Products and Versions
PowerVC Express Edition 1.2.0.0 through 1.2.0.3
PowerVC Express Edition 1.2.1.0 through 1.2.1.2
PowerVC Standard Edition 1.2.0.0 through 1.2.0.3
PowerVC Standard Edition 1.2.1.0 through 1.2.1.2
PowerVC Standard Edition 1.2.2.0 through 1.2.2.2
Remediation/Fixes
The recommended solution is to upgrade to PowerVC 1.2.0.4 or apply the
available iFixes for PowerVC 1.2.1.2 and 1.2.2.2 as soon as practical. These
are available on IBM Fix Central.
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
Subscribe to My Notifications to be notified of important product support
alerts like this.
References
Complete CVSS Guide
On-line Calculator V2
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Acknowledgement
None
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Cross reference information
Segment Product Component Platform Version Edition
Cloud Technology PowerVC Express Edition
- -----------------------------------------------------------------------
Security Bulletin: IBM PowerVC is Impacted by OpenStack Neutron DoS Through
Invalid DNS Configuration (CVE-2014-7821)
Document information
More support for:
PowerVC Standard Edition
Software version:
1.2.0, 1.2.1, 1.2.2
Operating system(s):
Linux
Reference #:
N1020614
Modified date:
2015-03-12
Security Bulletin
Summary
PowerVC is impacted by an OpenStack neutron vulnerability whereby an
authenticated user my cause denial of service through invalid DNS
configuration
Vulnerability Details
CVE ID:
CVE-2014-7821
DESCRIPTION:
By configuring specially-crafted dns_nameservers, a remote authenticated
attacker can cause the neutron service to crash, resulting in a denial of
service.
CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/98818 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Affected Products and Versions
PowerVC Express Edition 1.2.0.0 through 1.2.0.3
PowerVC Express Edition 1.2.1.0 through 1.2.1.2
PowerVC Express Edition 1.2.2.0
PowerVC Standard Edition 1.2.0.0 through 1.2.0.3
PowerVC Standard Edition 1.2.1.0 through 1.2.1.2
PowerVC Standard Edition 1.2.2.0
Remediation/Fixes
The recommended solution is to upgrade to PowerVC 1.2.0.4 or 1.2.2.1 or apply
the available iFix for PowerVC 1.2.1.2 as soon as practical. These are
available on IBM Fix Central.
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
Subscribe to My Notifications to be notified of important product support
alerts like this.
References
Complete CVSS Guide
On-line Calculator V2
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Acknowledgement
None
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Cross reference information
Segment Product Component Platform Version Edition
Cloud Technology PowerVC Express Edition
- ----------------------------------------------------------------------------
Security Bulletin: IBM PowerVC Could Allow a Local Attacker to Read a Valid
Access Token (CVE-2015-0136)
Document information
More support for:
PowerVC Standard Edition
Software version:
1.2.0, 1.2.1
Operating system(s):
Linux
Reference #:
N1020608
Modified date:
2015-03-12
Security Bulletin
Summary
PowerVC's powervc-iso-import command reveals an access token via command line
argument.
Vulnerability Details
CVE ID:
CVE-2015-0136
DESCRIPTION:
IBM PowerVC could allow a local attacker to read a valid access token. The
powervc-iso-import command internally calls another command to which it passes
a valid access token as a command line argument. This token may be seen in the
process table. Only PowerVC Express installations managing IVM and PowerVC
Standard installations managing PowerKVM are affected.
CVSS:
CVSS Base Score: 1.9
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100689 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Affected Products and Versions
PowerVC Express Edition 1.2.0.0 through 1.2.0.3
PowerVC Express Edition 1.2.1.0 through 1.2.1.2
PowerVC Standard Edition 1.2.1.0 through 1.2.1.2
Remediation/Fixes
The recommended solution is to upgrade to PowerVC 1.2.0.4 or 1.2.2 or apply
the available iFix for PowerVC 1.2.1.2 as soon as practical. These are
available on IBM Fix Central.
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
Subscribe to My Notifications to be notified of important product support
alerts like this.
References
Complete CVSS Guide
On-line Calculator V2
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Acknowledgement
None
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Cross reference information
Segment Product Component Platform Version Edition
Cloud Technology PowerVC Express Edition
- --------------------------------------------------------------------------
Security Bulletin: IBM PowerVC is Impacted by OpenStack Cinder and Nova
Information Disclosure (CVE-2014-7230, CVE-2014-7231)
Document information
More support for:
PowerVC Standard Edition
Software version:
1.2.0, 1.2.1
Operating system(s):
Linux
Reference #:
N1020612
Modified date:
2015-03-12
Security Bulletin
Summary
PowerVC is impacted by vulnerabilities in OpenStack cinder and nova that could
allow a local attacker to obtain sensitive information.
Vulnerability Details
CVE ID:
CVE-2014-7230
CVE-2014-7231
DESCRIPTION:
An attacker with read access to the nova and cinder logs may obtains passwords
used as a parameter of a command that has failed (CVE-2014-7230) or when
mask_password did not properly mask passwords (CVE-2014-7231).
CVSS:
CVE-2014-7230
CVSS Base Score: 2.1
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/96725 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVE-2014-7231
CVSS Base Score: 2.1
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/96726 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Affected Products and Versions
PowerVC Express Edition 1.2.0.0 through 1.2.0.3
PowerVC Express Edition 1.2.1.0 through 1.2.1.2
PowerVC Standard Edition 1.2.0.0 through 1.2.0.3
PowerVC Standard Edition 1.2.1.0 through 1.2.1.2
Remediation/Fixes
The recommended solution is to upgrade to PowerVC 1.2.0.4 or 1.2.2 or apply
the available iFix for PowerVC 1.2.1.2 as soon as practical. These are
available on IBM Fix Central.
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
Subscribe to My Notifications to be notified of important product support
alerts like this.
References
Complete CVSS Guide
On-line Calculator V2
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Acknowledgement
None
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Cross reference information
Segment Product Component Platform Version Edition
Cloud Technology PowerVC Express Edition
- ---------------------------------------------------------------------------
Security Bulletin: IBM PowerVC is Impacted by OpenStack Neutron Policy
Admin-Only Rules Security Bypass (CVE-2014-6414)
Document information
More support for:
PowerVC Standard Edition
Software version:
1.2.0, 1.2.1
Operating system(s):
Linux
Reference #:
N1020613
Modified date:
2015-03-12
Security Bulletin
Summary
PowerVC is impacted by an OpenStack neutron vulnerability whereby a
non-privileged user may reset admin-only network attributes.
Vulnerability Details
CVE ID:
CVE-2014-6414
DESCRIPTION:
By updating a network attribute with a default value, a non-privileged user
may reset admin-only network attributes. This may lead to unexpected behavior
with security implications or in some extreme cases network outages resulting
in denial of service.
CVSS:
CVSS Base Score: 5.0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/95976 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Affected Products and Versions
PowerVC Express Edition 1.2.0.0 through 1.2.0.3
PowerVC Express Edition 1.2.1.0 through 1.2.1.2
PowerVC Standard Edition 1.2.0.0 through 1.2.0.3
PowerVC Standard Edition 1.2.1.0 through 1.2.1.2
Remediation/Fixes
The recommended solution is to upgrade to PowerVC 1.2.0.4 or 1.2.2 or apply
the available iFix for PowerVC 1.2.1.2 as soon as practical. These are
available on IBM Fix Central.
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
Subscribe to My Notifications to be notified of important product support
alerts like this.
References
Complete CVSS Guide
On-line Calculator V2
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Acknowledgement
None
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Cross reference information
Segment Product Component Platform Version Edition
Cloud Technology PowerVC Express Edition
- ---------------------------------------------------------------------------
Security Bulletin: IBM PowerVC Not Properly Validating HMC Certificates
(CVE-2015-0137)
Document information
More support for:
PowerVC Standard Edition
Software version:
1.2.0, 1.2.1
Operating system(s):
Linux
Reference #:
N1020611
Modified date:
2015-03-12
Security Bulletin
Summary
IBM PowerVC does not validate HMC certificates on every connection.
Vulnerability Details
CVE ID:
CVE-2015-0137
DESCRIPTION:
IBM PowerVC only completes HMC certificate validation prior to sending the
login request, which leaves subsequent requests vulnerable to man in the
middle attacks. Only PowerVC Standard implementations managing HMC are
affected.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100690 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Affected Products and Versions
PowerVC Standard Edition 1.2.0.0 through 1.2.0.3
PowerVC Standard Edition 1.2.1.0 through 1.2.1.2
Remediation/Fixes
The recommended solution is to upgrade to PowerVC 1.2.0.4 or 1.2.2 or apply
the available iFix for PowerVC 1.2.1.2 as soon as practical. These are
available on IBM Fix Central.
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
Subscribe to My Notifications to be notified of important product support
alerts like this.
References
Complete CVSS Guide
On-line Calculator V2
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Acknowledgement
None
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVQJfGxLndAQH1ShLAQKpSA//fnguPlochJknyw/pm9jVvT1TG9th2Awd
pF/2e2sDDeqzFRmLrCS1cHNJHjzQqN98/Dqe3QSXLfjBl1LHvANTzXB9TPIRopYI
vOmfdWhyot6ofbun6VwEAbCjmU+zHd8E3Qib78yy5vsJ0xtHz/rhdbI8ee0odq0b
ikRq6Xjx0JnBO+GRNtU3pBo4Fxt9MckO5gX+dzoVbZf9YFeHowE6EUGWwoSn90wz
b+vqLuS1nUDQXoGSzp2Dz03EFyTX7qe1NjxFTSEfy2r/ZJtyJCB2/v9fn8vP4zub
0U0SkQcVqxcnHENCqy2hXf+PwC1Cm5CtIVOgRc/XYjKK284wVbNJ7m5zr2ropQ63
SgIORbJWAwQ/00tVRJ7YQ3MRlhESl4kbMFDv4yITHxBH7nGJaIvzySKGMEc5gNXG
LZ0ZHDTR9hIRgliVTn0ueuowgU7zw1ejwEfdx4NuDLBghANJYwnw9jYIydn0/eA9
45pEsw7SIgnu9uqxt5u8KbhfsXl9qQXxb2uU+S9b128KGRvZkQ2QKrHvfcy7uYFk
8swWfmViAX4OBSTDWwrU5VTl+DUUC8/NTJ4jerlHO9SylsrQaI8sJeY8jiNk6lBT
GvFAowU3snIro9uFBu1r2Rrv7LqYJBLF+/NBMomdgm5uawO0blGjxJw/FRSiRma1
cgEqUKHUgaM=
=pw77
-----END PGP SIGNATURE-----