-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.2622
        Multiple vulnerabilities have been identified in IBM Security
                             Network Protection
                              16 October 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security Network Protection
Publisher:         IBM
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Unauthorised Access             -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-5621 CVE-2015-3405 CVE-2015-3246
                   CVE-2015-3245 CVE-2015-3183 CVE-2015-2716
                   CVE-2015-1799 CVE-2015-1798 CVE-2015-1283
                   CVE-2014-3565 CVE-2013-7424

Reference:         ESB-2015.2559
                   ESB-2015.2517
                   ESB-2015.2141
                   ESB-2015.2135
                   ESB-2015.1930
                   ESB-2015.1174
                   ESB-2015.0933
                   ESB-2015.0899
                   ESB-2015.0428

Original Bulletin:
   http://www-01.ibm.com/support/docview.wss?uid=swg21963297
   http://www-01.ibm.com/support/docview.wss?uid=swg21965877
   http://www-01.ibm.com/support/docview.wss?uid=swg21966695
   http://www-01.ibm.com/support/docview.wss?uid=swg21966578
   http://www-01.ibm.com/support/docview.wss?uid=swg21967057
   http://www-01.ibm.com/support/docview.wss?uid=swg21964539

Comment: This bulletin contains six (6) IBM security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: A vulnerability in GNU glibc affects IBM Security Network Protection (CVE-2013-7424)

Security Bulletin

Document information

More support for: IBM Security Network Protection
Software version: 5.2.0, 5.3
Operating system(s): Firmware
Reference #: 1963297
Modified date: 2015-10-15

Summary

The GNU glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Security vulnerabilities have been discovered in glibc used with IBM Security Network Protection.

Vulnerability Details

CVE ID: CVE-2013-7424
DESCRIPTION: The GNU C Library (glibc) could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error in the getaddrinfo() function when used with the AI_IDN flag. An attacker able to make an application call this function could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101073 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM Security Network Protection 5.2
IBM Security Network Protection 5.3

Remediation/Fixes

Product: IBM Security Network Protection
VRMF: Firmware version 5.2
Remediation/First Fix: Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0012 from IBM Fix Central and upload and install via the Fix Packs page of the local management interface.

Product: IBM Security Network Protection
VRMF: Firmware version 5.3
Remediation/First Fix: Install Firmware 5.3.1.5 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.
Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v2 Guide
On-line Calculator v2

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

03 September 2015: Original Version Published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: A vulnerability in net-snmp affects IBM Security Network Protection (CVE-2014-3565)

Security Bulletin

Document information

More support for: IBM Security Network Protection
Software version: 5.2.0, 5.3
Operating system(s): Firmware
Reference #: 1965877
Modified date: 2015-10-15

Summary

The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP). One security vulnerability has been discovered in net-snmp used with IBM Security Network Protection.

Vulnerability Details

CVE ID: CVE-2014-3565
DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the "-OQ" option.
By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95638 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

IBM Security Network Protection 5.2
IBM Security Network Protection 5.3

Remediation/Fixes

Product: IBM Security Network Protection
VRMF: Firmware version 5.2
Remediation/First Fix: Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0012 from IBM Fix Central and upload and install via the Fix Packs page of the Local Management Interface.

Product: IBM Security Network Protection
VRMF: Firmware version 5.3
Remediation/First Fix: Install Firmware 5.3.1.5 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v2 Guide
On-line Calculator v2

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

01 October 2015: Original Version Published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: A vulnerability in net-snmp affects IBM Security Network Protection (CVE-2015-5621)

Security Bulletin

Document information

More support for: IBM Security Network Protection
Software version: 5.2.0, 5.3
Operating system(s): Firmware
Reference #: 1966695
Modified date: 2015-10-15

Summary

The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP). One security vulnerability has been discovered in net-snmp used with IBM Security Network Protection.

Vulnerability Details

CVEID: CVE-2015-5621
DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105232 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

IBM Security Network Protection 5.2
IBM Security Network Protection 5.3

Remediation/Fixes

Product: IBM Security Network Protection
VRMF: Firmware version 5.2
Remediation/First Fix: Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0012 from IBM Fix Central and upload and install via the Fix Packs page of the Local Management Interface.

Product: IBM Security Network Protection
VRMF: Firmware version 5.3
Remediation/First Fix: Install Firmware 5.3.1.5 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.
Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

01 October 2015: Original Version Published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in NTP affect IBM Security Network Protection (CVE-2015-1798, CVE-2015-1799, and CVE-2015-3405)

Security Bulletin

Document information

More support for: IBM Security Network Protection
Software version: 5.2.0, 5.3
Operating system(s): Firmware
Reference #: 1966578
Modified date: 2015-10-15

Summary

Security vulnerabilities have been discovered in NTP used with IBM Security Network Protection.
Vulnerability Details

CVEID: CVE-2015-1798
DESCRIPTION: Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to bypass security restrictions, caused by the acceptance of packets that do not contain a message authentication code (MAC) as valid packets when configured for symmetric key authentication. An attacker could exploit this vulnerability using man-in-the-middle techniques to bypass the authentication process.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102051 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-1799
DESCRIPTION: Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by an error when using symmetric key authentication. By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102052 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-3405
DESCRIPTION: Network Time Protocol (NTP) could allow a remote attacker to conduct spoofing attacks, caused by the generation of MD5 symmetric keys on big-endian systems by the ntp-keygen utility. An attacker could exploit this vulnerability using the generated MD5 keys to spoof an NTP client or server.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104387 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Security Network Protection 5.2
IBM Security Network Protection 5.3

Remediation/Fixes

Product: IBM Security Network Protection
VRMF: Firmware version 5.2
Remediation/First Fix: Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0012 from IBM Fix Central and upload and install via the Fix Packs page of the Local Management Interface.

Product: IBM Security Network Protection
VRMF: Firmware version 5.3
Remediation/First Fix: Install Firmware 5.3.1.5 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v2 Guide
On-line Calculator v2

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

12 September 2015: Original Version Published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- --------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in IBM HTTP Server affect IBM Security Network Protection (CVE-2015-3183, and CVE-2015-1283)

Security Bulletin

Document information

More support for: IBM Security Network Protection
Software version: 5.2.0, 5.3
Operating system(s): Firmware
Reference #: 1967057
Modified date: 2015-10-15

Summary

Request smuggling and denial of service security vulnerabilities have been discovered in IBM HTTP Server used with IBM Security Network Protection.

Vulnerability Details

CVEID: CVE-2015-3183
DESCRIPTION: Apache HTTP Server is vulnerable to HTTP request smuggling, caused by a chunk header parsing flaw in the apr_brigade_flatten() function. By sending a specially-crafted request in a malformed chunked header to the Apache HTTP server, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104844 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2015-1283
DESCRIPTION: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104964 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Security Network Protection 5.2
IBM Security Network Protection 5.3

Remediation/Fixes

Product: IBM Security Network Protection
VRMF: Firmware version 5.2
Remediation/First Fix: Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0012 from IBM Fix Central and upload and install via the Fix Packs page of the Local Management Interface.

Product: IBM Security Network Protection
VRMF: Firmware version 5.3
Remediation/First Fix: Install Firmware 5.3.1.5 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

01 October 2015: Original Version Published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- --------------------------------------------------------------------------------

Security Bulletin: Vulnerabilities in libuser affect IBM Security Network Protection (CVE-2015-3245, CVE-2015-3246)

Security Bulletin

Document information

More support for: IBM Security Network Protection
Software version: 5.2.0, 5.3
Operating system(s): Firmware
Reference #: 1964539
Modified date: 2015-10-15

Summary

The libuser library implements a standardized interface for manipulating and administering user and group accounts used by multiple programs on the system. Security vulnerabilities have been discovered in libuser used with IBM Security Network Protection.

Vulnerability Details

CVE ID: CVE-2015-3245
DESCRIPTION: libuser is vulnerable to a denial of service, caused by the failure to properly filter out newline characters by the chfn() function within the userhelper utility. A local authenticated attacker could exploit this vulnerability to inject newline characters into the /etc/passwd file and cause a denial of service.
CVSS Base Score: 4.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105022 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVE ID: CVE-2015-3246
DESCRIPTION: libuser could allow a local authenticated attacker to gain elevated privileges on the system, caused by the improper handling of the /etc/passwd file. An attacker could exploit this vulnerability to gain root privileges on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105023 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Security Network Protection 5.2
IBM Security Network Protection 5.3

Remediation/Fixes

Product: IBM Security Network Protection
VRMF: Firmware version 5.2
Remediation/First Fix: Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0012 from IBM Fix Central and upload and install via the Fix Packs page of the local management interface.

Product: IBM Security Network Protection
VRMF: Firmware version 5.3
Remediation/First Fix: Install Firmware 5.3.1.5 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

03 September 2015: Original Version Published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----