Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2016.0307
Multiple vulnerabilities in IBM Java SDK affect IBM Decision
Optimization Center
5 February 2016
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM Decision Optimization Center
Publisher: IBM
Operating System: AIX
Linux variants
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Access Privileged Data -- Remote/Unauthenticated
Modify Arbitrary Files -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Provide Misleading Information -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2016-0494 CVE-2016-0483 CVE-2016-0466
CVE-2016-0448 CVE-2016-0402 CVE-2015-8540
CVE-2015-8472 CVE-2015-8126 CVE-2015-7981
CVE-2015-7575 CVE-2015-5041
Reference: ASB-2016.0004
Original Bulletin:
http://www.ibm.com/support/docview.wss?uid=swg21975930
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM
Decision Optimization Center
Security Bulletin
Document information
More support for:
IBM Decision Optimization Center
Software version:
3.5, 3.6, 3.6.0.1, 3.7, 3.7.0.1, 3.7.0.2, 3.8, 3.8.0.1, 3.8.0.2
Operating system(s):
AIX, Linux, Windows
Software edition:
All Editions
Reference #:
1975930
Modified date:
2016-02-04
Summary
There are multiple vulnerabilities in IBM SDK Java Technology Edition,
Version 6 that is used by IBM Decision Optimization Center. These issues were
disclosed as part of the IBM Java SDK updates in January 2016 and includes
the vulnerability commonly referred to as SLOTH.
Vulnerability Details
CVE IDs:
CVE-2016-0494 CVE-2016-0483 CVE-2015-8126 CVE-2015-8472 CVE-2016-0466
CVE-2016-0402 CVE-2015-7575 CVE-2016-0448 CVE-2015-8540 CVE-2015-7981
CVE-2015-5041
CVEID:
CVE-2016-0494
DESCRIPTION:
An unspecified vulnerability related to the 2D component has complete
confidentiality impact, complete integrity impact, and complete availability
impact.
CVSS Base Score: 10
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/109944
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID:
CVE-2016-0483
DESCRIPTION:
An unspecified vulnerability related to the AWT component has complete
confidentiality impact, complete integrity impact, and complete availability
impact.
CVSS Base Score: 10
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/109945
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVEID:
CVE-2015-8126
DESCRIPTION:
libpng is vulnerable to a buffer overflow, caused by improper bounds checking
by the png_set_PLTE() and png_get_PLTE() functions. By persuading a victim to
open a specially-crafted PNG file, a remote attacker could overflow a buffer
and execute arbitrary code on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/108010
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/UI:U/C:H/I:H/A:H)
CVEID:
CVE-2015-8472
DESCRIPTION:
libpng is vulnerable to a buffer overflow, caused by improper bounds checking
by the png_get_PLTE() and png_set_PLTE() functions. By persuading a victim to
open a specially crafted PNG image, a remote attacker could overflow a buffer
and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/109392
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/UI:U/C:L/I:L/A:L)
CVEID:
CVE-2016-0466
DESCRIPTION:
An unspecified vulnerability related to the JAXP component could allow a
remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/109948
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID:
CVE-2016-0402
DESCRIPTION:
An unspecified vulnerability related to the Networking component has no
confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/109947
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID:
CVE-2015-7575
DESCRIPTION:
The TLS protocol could allow weaker than expected security caused by a
collision attack when using the MD5 hash function for signing a
ServerKeyExchange message during a TLS handshake. An attacker could exploit
this vulnerability using man-in-the-middle techniques to impersonate a TLS
server and obtain credentials. This vulnerability is commonly referred to as
SLOTH.
CVSS Base Score: 7.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/109415
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/UI:U/C:H/I:L/A:N)
CVEID:
CVE-2016-0448
DESCRIPTION:
An unspecified vulnerability related to the JMX component could allow a
remote attacker to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/109949
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVEID:
CVE-2015-8540
DESCRIPTION:
libpng is vulnerable to a buffer overflow, caused by a read underflow in
png_check_keyword in pngwutil.c. By sending an overly long argument, a remote
attacker could overflow a buffer and execute arbitrary code on the system or
cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/109219
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:
CVE-2015-7981
DESCRIPTION:
libpng could allow a remote attacker to obtain sensitive information, caused
by an out-of-bounds read in the png_convert_to_rfc1123 function. An attacker
could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/107740
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID:
CVE-2015-5041
DESCRIPTION:
A flaw in the IBM J9 JVM allows code to invoke non-public interface methods
under certain circumstances. Untrusted code could potentially exploit this.
This could lead to sensitive data being exposed to an attacker, or the
attacker being able to inject bad data.
CVSS Base Score: 4.8
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/106719
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Affected Products and Versions
IBM Decision Optimization Center 3.8.0.2 and earlier
Product Version(s) Affected Supporting Product and Version
IBM ILOG Optimization Decision Manager Enterprise: v3.5 - v3.7.0.2 IBM JDK Version 6 Service Refresh 16 Fix Pack 20
IBM Decision Optimization Center: v3.8 - v3.8.0.2
Remediation/Fixes
The recommended solution is to download and install the IBM Java SDK as soon
as practicable.
Before installing a newer version of IBM Java SDK, please ensure that you:
Close any open programs that you have running;
Rename the initial directory of the IBM Java SDK (for example: with a .old at
the end),
Download and install
IBM Java SDK Version 6 Service Refresh 16 Fix Pack 20
and subsequent releases.
Here are the detailed instructions
Workarounds and Mitigations
For CVE-2015-7575, Java 6 requires code changes in the JSSE component in
addition to the java.security file modifications, so upgrading the Java SDK
is the only solution.
Get Notified about Future Security Bulletins
Subscribe to
My Notifications
to be notified of important product support alerts like this.
References
Complete CVSS v2 Guide
On-line Calculator v2
Complete CVSS v3 Guide
On-line Calculator v3
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Acknowledgement
CVE-2015-7575 was reported to IBM by Karthikeyan Bhargavan at INRIA in Paris,
France
Change History
4 February 2016: Original version published
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVrQ0bX6ZAP0PgtI9AQKAkA//RauDtzXHivKNvKPqsVY5xd71Nz4qZ+ZL
27fzCcJcg/U6XMSIZRiNzaLAEc4XJpib+8TRJNEhKWWVm/6amLQd0Yt+scXqZTx5
8NlglYow91MC95gLfnIyiAsXr58hF2qExjeYLCArAJhyotBIMQpv1FIDNYWPbbNo
9u2OQJdc7L1k9W/6EaB1lgs2o5rumbMPXqDBgP1a84wv/QXMMQ3xRlvhFk60p4Is
vgNhbQmRPuWVHMXSIKBwzpTkFaZDQAq20yZtyUfgJ5EzEXMF9e2VoXswOO7UTL0q
tgDjqPU3KSusNxRseQH3vypM5r+mjPwImmRgz5XXaOaAj1YZ4Pl+T+06OEewrxbX
vJBv1Vj/46y7tgBXW6BxOMxA9n7QTDgqtpanZ2UdK+XrNou12lSiGAfimlpgEn22
eUgaReTM9tz78s6Ot0oM1QD0N9wQOhTxJvO4VssPJKbMWx81BfaQFx4IM9grIjwP
YlH/1whOz6Z66qbWTOdv/1j1n7w3ECD5Ox8jvREiRAAGLkamyQXc4lJty0OOlIjl
66cgD4Nnyi9yvl0KfevgTOTq3s9v/udEV1KvkOoHq4z+ECBbZ9LYGbbSPObEcIxG
6AJ7++ah6XlhOA42sYB7boXx74UpIDjh30bkhBj8/2JX4ZtFfPJiV7lcEgX+oI3Z
bha2O4Mmj78=
=nUBA
-----END PGP SIGNATURE-----