-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.3133
  Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM
            Security Identity Manager Virtual Appliance available
                              15 December 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security Identity Manager Virtual Appliance
Publisher:         IBM
Operating System:  Linux variants
                   VMware ESX Server
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote with User Interaction
                   Unauthorised Access             -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-7450 CVE-2015-5621 CVE-2015-3238 CVE-2015-3148
                   CVE-2015-3143 CVE-2015-2730 CVE-2015-2017 CVE-2015-1819
                   CVE-2015-1799 CVE-2015-1798 CVE-2014-9298 CVE-2014-9297
                   CVE-2014-8150 CVE-2014-8121 CVE-2014-3707 CVE-2014-3613
                   CVE-2014-3565

Reference:         ASB-2015.0112
                   ASB-2015.0103
                   ASB-2015.0070
                   ASB-2015.0066
                   ASB-2015.0047
                   ESB-2015.3057

Original Bulletin:
   http://www-01.ibm.com/support/docview.wss?uid=swg21972266

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM
Security Identity Manager Virtual Appliance available

Document information

More support for:     IBM Security Identity Manager
                      Identity Manager Virtual Appliance
Software version:     7.0
Operating system(s):  Linux, Platform Independent
Reference #:          1972266
Modified date:        2015-12-14

Security Bulletin

Summary

There are multiple security vulnerabilities in various components used by
IBM Security Identity Manager Virtual Appliance.

Vulnerability Details

CVEID: CVE-2014-3565
DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by the
improper handling of SNMP traps when started with the "-OQ" option. By
sending an SNMP trap message containing a variable with a NULL type, a
remote attacker could exploit this vulnerability to cause snmptrapd to
crash.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/95638 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-3613
DESCRIPTION: cURL/libcURL could allow a remote attacker to bypass security
restrictions, caused by the failure to properly detect and reject domain
names for IP addresses. An attacker could exploit this vulnerability to
send cookies to an incorrect site.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/95925 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-3707
DESCRIPTION: cURL/libcURL could allow a remote attacker to obtain sensitive
information, caused by an error in the curl_easy_duphandle() function. An
attacker could exploit this vulnerability to corrupt heap memory and obtain
sensitive information or cause a denial of service.
CVSS Base Score: 6.4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/98562 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVEID: CVE-2014-8121
DESCRIPTION: GNU C Library (glibc) is vulnerable to a denial of service,
caused by the failure to properly check if a file is open by DB_LOOKUP in
nss_files/files-XXX.c in the Name Service Switch (NSS). By performing a
look-up on a database while iterating over it, an attacker could exploit
this vulnerability to cause the application to enter an infinite loop.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/102652 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-8150
DESCRIPTION: libcURL is vulnerable to CRLF injection, caused by the
improper handling of URLs with embedded end-of-line characters. By
persuading a victim to click on a specially-crafted URL link using an HTTP
proxy, a remote attacker could exploit this vulnerability to conduct
various attacks against the vulnerable system, including cross-site
scripting, cache poisoning or session hijacking.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100567 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-9297
DESCRIPTION: Network Time Protocol (NTP) Project NTP daemon (ntpd) could
allow a remote attacker to conduct spoofing attacks, caused by insufficient
entropy in the PRNG. An attacker could exploit this vulnerability to spoof
the IPv6 address ::1 to bypass ACLs and launch further attacks on the
system.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100004 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-9298
DESCRIPTION: Network Time Protocol (NTP) Project NTP daemon (ntpd) could
allow a remote attacker to obtain sensitive information, caused by the
improper validation of the length value in extension field pointers. An
attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100005 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-1798
DESCRIPTION: Network Time Protocol (NTP) Project NTP daemon (ntpd) could
allow a remote attacker to bypass security restrictions, caused by the
acceptance of packets that do not contain a message authentication code
(MAC) as valid packets when configured for symmetric key authentication.
An attacker could exploit this vulnerability using man-in-the-middle
techniques to bypass the authentication process.
CVSS Base Score: 5.4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102051 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-1799
DESCRIPTION: Network Time Protocol (NTP) Project NTP daemon (ntpd) is
vulnerable to a denial of service, caused by an error when using symmetric
key authentication. By sending specially-crafted packets to both peering
hosts, an attacker could exploit this vulnerability to prevent
synchronization.
CVSS Base Score: 5.4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102052 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-1819
DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML
External Entity Injection (XXE) error in the xmlreader when processing XML
data. A remote attacker could exploit this vulnerability to consume all
available memory resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/107272 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-2017
DESCRIPTION: The IBM WebSphere Portal is vulnerable to HTTP response
splitting attacks. A remote attacker could exploit this vulnerability using
a specially-crafted URL to cause the server to return a split response,
once the URL is clicked. This would allow the attacker to perform further
attacks, such as Web cache poisoning, cross-site scripting, and possibly
obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/103991 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-2730
DESCRIPTION: Mozilla Firefox could allow a remote attacker to bypass
security restrictions, caused by the failure to properly handle certain
exceptional cases in the Elliptic Curve Cryptography (ECC) multiplication
used for Elliptic Curve Digital Signature Algorithm (ECDSA) signature
validation in Network Security Services (NSS). By persuading a victim to
visit a specially-crafted Web site, a remote attacker could exploit this
vulnerability to forge signatures.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/104386 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-3143
DESCRIPTION: libcurl could allow a remote attacker from within the local
network to bypass security restrictions, caused by the re-use of recently
authenticated connections. By sending a new NTLM-authenticated request, an
attacker could exploit this vulnerability to perform unauthorized actions
with the privileges of the victim.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102888 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-3148
DESCRIPTION: libcurl and cURL could allow a remote attacker to bypass
security restrictions, caused by improper use of the Negotiate
authentication method. By sending a specially-crafted request, an attacker
could exploit this vulnerability to bypass access restrictions and connect
as other users.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102878 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-3238
DESCRIPTION: Linux-PAM could allow a local attacker to obtain sensitive
information, caused by an error in the _unix_run_helper_binary function in
the pam_unix module. An attacker could exploit this vulnerability using an
overly large password to enumerate usernames and cause the system to hang.
CVSS Base Score: 5.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/106368 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID: CVE-2015-5621
DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by
incompletely parsed varBind variables being left in the list of variables
by the snmp_pdu_parse() function. A remote attacker could exploit this
vulnerability to cause the application to crash or possibly execute
arbitrary code on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/105232 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2015-7450
DESCRIPTION: Apache Commons Collections could allow a remote attacker to
execute arbitrary code on the system, caused by the deserialization of data
with the Java InvokerTransformer class. By sending specially crafted data,
an attacker could exploit this vulnerability to execute arbitrary Java code
on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/107918 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Ensure that the version listed below is installed on the system.

Product:    IBM Security Identity Manager (ISIM) Virtual Appliance
Version:    releases 7.0.0.0, 7.0.0.1, 7.0.0.2, 7.0.0.3
Fix level:  Apply the following: IBM Security Identity Manager (ISIM)
            7.0.1 release 7.0.1-ISS-SIM-FP0000

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v2 Guide
On-line Calculator v2
Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT
WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR
ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting on
information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVm+0vH6ZAP0PgtI9AQJR3RAAgwzlB68q1DQt7pXzk1QoQw1bV4pRhGs1
1YPguEgVpvEF7nLUItHGqMIDI1vXABqOm/zMoH7yQVgsDv9MGFQPgHQWby9d+pI9
VA7RFuU/+MeLm5XTWBUuR8EMKjBMgrydqd0kYuyuR1VYBHmqmwB2I0tXw4dngp17
U5uBBSb7jg22Cm9uSrwlctzcNXmOD2serw9pN6vOUme/jTgl67wpB7ygQPkH+xqF
S7/0CM8tTZDQJMXT65YkIcRoJ1hkl7My2ns9TD5sY+wrJaDEh3E+TOcndzWJ0l9E
m3j0LMzynjpU+rzijaPcX3zAOvtkKMHDkC91jMwW1rhNmNmbXpvLtv55sKPA4+uI
HM5Sfu8Q2XnZjr8aIAygB/4CKqhVyVFpIUIKwZVeigjIX8jD53fmhyBMgDvCB+xi
p1J2zlUdU/UJnrlIkBApOfZwJu5vGXs0ftHk1qxwn72P4e+08ELGT0ZXx4PtTv5h
uo0kBiZFgIBRbT3zSxuhuvn54xwAE1BRPl82+0QDnkEQSGBN43NHlFp7zK7x1Dkq
dx/igWlCbMTRwOkHHipBAz1fFt+FtM+MtUkto+t3EgBQaRGBYROHSO61XWJ7KZwi
EDlpSJ3VKigeb3YQiUEv8J2Haj/JtMxfasFCIxOHZWPWTtbCqqVOqL+LzvEb8peF
SvduTc/Wki4=
=mdrL
-----END PGP SIGNATURE-----