Operating System:

[Appliance][Virtual]

Published:

29 January 2016

Protect yourself against future threats.

//Service

Sensitive Information Alert

Alert notification provided via email for sensitive material found online by our analyst team which specifically targets your organisation.

Read more
Resources > Security Bulletins > ESB-2016.0231 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.0231
         Security Bulletin: Vulnerabilities in OpenSSH affect IBM
                MessageSight (CVE-2016-0777, CVE-2016-0778)
                              29 January 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM MessageSight
Publisher:         IBM
Operating System:  Network Appliance
                   Virtualisation
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Privileged Data          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-0778 CVE-2016-0777 

Reference:         ESB-2016.0122
                   ESB-2016.0113
                   ESB-2016.0112
                   ESB-2016.0111.2

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg21974931

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Vulnerabilities in OpenSSH affect IBM MessageSight
(CVE-2016-0777, CVE-2016-0778)

Security Bulletin

Document information

More support for:

IBM MessageSight

Security

Software version:

1.1, 1.2

Operating system(s):

Platform Independent

Reference #:

1974931

Modified date:

2016-01-27

Summary

An information leak flaw and buffer overflow flaw in the way the OpenSSH
client roaming feature was implemented affects IBM MessageSight.

Vulnerability Details

CVEID:

CVE-2016-0777

DESCRIPTION:

OpenSSH could allow a remote attacker to obtain sensitive information,
caused by a client information leak from using the roaming connection
feature. By persuading a victim to connect to a malicious server, an attacker
could exploit this vulnerability to retrieve private cryptographic keys or
other sensitive information.

CVSS Base Score: 6.5

CVSS Temporal Score: See

https://exchange.xforce.ibmcloud.com/vulnerabilities/109635

for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:

CVE-2016-0778

DESCRIPTION:

OpenSSH is vulnerable to a heap-based buffer overflow, caused by improper
bounds checking by the packet_write_wait() and ssh_packet_write_wait() API
functions when two non-default options: a ProxyCommand and either
ForwardAgent or ForwardX11 are used. By persuading a victim to connect to a
malicious server, a remote attacker could overflow a buffer and execute
arbitrary code on the system or cause the application to crash.

CVSS Base Score: 5

CVSS Temporal Score: See

https://exchange.xforce.ibmcloud.com/vulnerabilities/109636

for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM MessageSight 1.2.0.3 and below

Remediation/Fixes

Product
                  VRMF  APAR     Remediation/First Fix
IBM MessageSight  1.1   IT13410  1.1.0.1-IBM-IMA-IFIT13410

IBM MessageSight  1.2   IT13392  1.2.0.3-IBM-IMA-IFIT13392


Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide

On-line Calculator v3

Related information

IBM Secure Engineering Web Portal

IBM Product Security Incident Response Blog

Acknowledgement

Reported to IBM by Karthikeyan Bhargavan at INRIA in Paris, France

Change History

January 27 2015: Original Copy Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVqq93H6ZAP0PgtI9AQJJmxAAhcBDcyIE8gpox535Q6zIKeqp86KDjnDm
UecGI6BQFYFbdh8ZROFXgn26cAfDczcSeGlOJXPR6DqVK9+L6dx8lfsWCVKuxD9n
8TzTr7Frr6M4auJ4Xj7RM5+acKbt0w7StlBy6eA14Te4KJKuLiHfbjaChRWlyFdA
fgg7x1ZzRPUKvRxlsiU0kTBMTxEi1iTCt7IGVialLaekeyDtGFBBZzHrua62CHuX
eR0Q+FcUk5l+JIlm9oYLAtDEyd5kHrwmKj44Vgs5AdEQl4Hs7hEhEkpgF+vv9Opw
dEO+pxC5zrR8xeCRurnJyVxid96JHtEtO/DXKUhqG2qt9x0XVqeyPKkwtu4WUo1w
GlI4xRcGrLlRhyYUfLNdc4YGJp55sNNu/T1278EDbbCmEkLFCTo/dhcj+nlHYzcN
qioxFVPLU+ogvdswEbVNOuCA8TCyb/ZUsWvAPbaob/SiiouU+FC2XV5MrN74BgZu
aTeq/rT9d2m0At06QR2aTTOe/y0OOp1lP2hBlnnXipiPprGjZ+jI48TmjumHiKib
7h8Bb9TgV57QLzldPlOqnDzYS6OuCXCJcaxqveGtwj46ivuGEZe3k2UabhPAgxSI
DobBU+1cxxvSLgeAX4H2jHKaRBCyT2FTc1B/qwK94Mj+4BynhIMzBGu3tXIZtSwe
lf+89gfp2vA=
=dAAw
-----END PGP SIGNATURE-----