===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.2751
 Security Bulletin: Infosphere BigInsights is affected by a vulnerability
    that could allow a local attacker to obtain the value-add services
             passwords stored in the Ambari configuration file
                      (CVE-2015-4928, CVE-2015-4940)
                              3 November 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Infosphere BigInsights
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-4940 CVE-2015-4928 

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg21969202

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Infosphere BigInsights is affected by a vulnerability that
could allow a local attacker to obtain the value-add services passwords stored
in the Ambari configuration file (CVE-2015-4928, CVE-2015-4940).

Document information

More support for:    IBM BigInsights (Install)
Software version:    4.0.0
Operating system(s): Linux
Software edition:    Enterprise Edition
Reference #:         1969202

Security Bulletin

Summary

Infosphere BigInsights is affected by a vulnerability that could allow a local
attacker to obtain value-add services passwords stored in the Ambari 
configuration file. The passwords are shown in plain text (CVE-2015-4928, 
CVE-2015-4940).

Vulnerability Details

CVEID: CVE-2015-4928

DESCRIPTION: IBM BigInsights value-added services that are installed on a
cluster display password fields in clear text in the Configs screen of the
Ambari user interface. To exploit this vulnerability, a malicious user must be
able to view the Configs screen for the given service.

CVSS Base Score: 3.5

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/104096 for the 
current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)

CVEID: CVE-2015-4940

DESCRIPTION: IBM Infosphere BigInsights could allow a local attacker to obtain
the BigSheets password which is stored in the Ambari configuration file in 
plain text.
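A defender-side check for the condition both CVEs describe, added here as an example (not IBM's, Ambari's or BigInsights' code): it scans a Hadoop-style *-site.xml file, the configuration form Ambari manages for services, for password-named properties whose value is a literal rather than an alias or template reference, and combines that with a file-mode check, since a plaintext secret reaches other local accounts only when the file is readable by them. The sample file, the property names and the ${...}/{{...}} indirection conventions are constructed assumptions.

```python
"""Audit a Hadoop-style *-site.xml (the form Ambari manages) for password-like
properties stored as literals, and check who can read the file. Constructed example."""
import os
import re
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample: only the first property should be reported.
SAMPLE_XML = """<configuration>
  <property><name>bigsheets.db.password</name><value>Summer2015!</value></property>
  <property><name>hive.metastore.password</name><value>${ALIAS:hive.metastore.password}</value></property>
  <property><name>service.admin.password</name><value>{{admin_password}}</value></property>
  <property><name>bigsheets.db.user</name><value>bigsheets</value></property>
</configuration>
"""

SECRET_NAME = re.compile(r"pass(word|wd)|secret|credential", re.IGNORECASE)
# Assumed indirection conventions: ${...} alias lookups and {{...}} templates.
INDIRECT_VALUE = re.compile(r"^\s*(\$\{.*\}|\{\{.*\}\})\s*$")

def find_plaintext_secrets(xml_text):
    """Return names of password-like properties whose value is a literal secret."""
    findings = []
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        value = prop.findtext("value") or ""
        if SECRET_NAME.search(name) and value.strip() and not INDIRECT_VALUE.match(value):
            findings.append(name)
    return findings

def audit_config_file(path):
    """Literal secrets plus file mode: exposure to other local accounts needs both."""
    with open(path, encoding="utf-8") as fh:
        secrets = find_plaintext_secrets(fh.read())
    world_readable = bool(os.stat(path).st_mode & stat.S_IROTH)
    return {"plaintext_secrets": secrets, "world_readable": world_readable,
            "exposed_to_local_users": bool(secrets) and world_readable}

def demo(mode=0o644):
    """Write the sample to a temp file with the given mode and audit it."""
    fd, path = tempfile.mkstemp(suffix="-site.xml")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_XML)
    os.chmod(path, mode)
    try:
        return audit_config_file(path)
    finally:
        os.remove(path)
```

Running demo() with the default 0644 mode reports the literal BigSheets-style password as exposed; demo(0o600) still finds the literal but reports it as not readable by other local accounts.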

CVSS Base Score: 1.9

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/104513 for the 
current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

IBM InfoSphere BigInsights: 4.0

Remediation/Fixes

- From Passport Advantage, download and apply IBM BigInsights 4.1. It includes
Ambari 2.1, which contains the fix.

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support 
alerts like this.

References

Complete CVSS v2 Guide

On-line Calculator v2

Related information

IBM Secure Engineering Web Portal

IBM Product Security Incident Response Blog

Change History

30 October 2015: Original Copy Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================