===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2016.1068
Security Bulletin: Multiple vulnerabilities in ISC BIND and Samba - including Badlock - affect IBM Netezza Host Management
3 May 2016
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           IBM Netezza Host Management
Publisher:         IBM
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data         -- Remote with User Interaction
                   Denial of Service              -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote with User Interaction
                   Reduced Security               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-2118 CVE-2016-2115 CVE-2016-2112
                   CVE-2016-2111 CVE-2016-2110 CVE-2016-1286
                   CVE-2016-1285 CVE-2015-5370
Reference:         ESB-2016.0931
                   ESB-2016.0640

Original Bulletin:
   http://www.ibm.com/support/docview.wss?uid=swg21979985

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple vulnerabilities in ISC BIND and Samba - including Badlock - affect IBM Netezza Host Management

Security Bulletin

Document information

More support for: PureData System for Analytics
Software version: 1.0.0
Operating system(s): Platform Independent
Software edition: All Editions
Reference #: 1979985
Modified date: 2016-04-27

Summary

ISC BIND is used by IBM Netezza Host Management. Samba is delivered in IBM Netezza Host Management RHEL 5.11 and 6.6 OS upgrade kits. IBM Netezza Host Management has addressed the applicable CVEs including the vulnerability commonly referred to as "Badlock."

Vulnerability Details

CVEID: CVE-2016-2118
DESCRIPTION: Samba could allow a remote attacker to gain elevated privileges on the system, caused by the acceptance of inadequate authentication levels by the Microsoft Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate an authenticated user against the SAMR or LSAD service and gain access to the Security Account Manager (SAM) database. This vulnerability is also known as the BADLOCK bug.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111935 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2015-5370
DESCRIPTION: Samba is vulnerable to a denial of service, caused by the improper validation of DCE-RPC packets by the DCE-RPC client and server implementations. An attacker could exploit this vulnerability using man-in-the-middle techniques to downgrade a secure connection to an insecure one and consume all available CPU resources.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111936 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L)

CVEID: CVE-2016-2110
DESCRIPTION: Samba could allow a remote attacker to bypass security restrictions, caused by the failure to protect the feature negotiation of NTLMSSP from a downgrade. A remote attacker could exploit this vulnerability using man-in-the-middle techniques to clear NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL flags and perform downgrade attacks.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111937 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-2111
DESCRIPTION: Samba could allow a remote attacker to bypass security restrictions, caused by an error in the NETLOGON service when a Domain Controller is configured. A remote attacker could exploit this vulnerability using man-in-the-middle techniques to spoof the computer name of a secure channel's endpoints and access session-related information of the spoofed computer.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111938 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-2112
DESCRIPTION: Samba could allow a remote attacker to bypass security restrictions, caused by the failure to enforce integrity protection by the LDAP client and server. A remote attacker could exploit this vulnerability using man-in-the-middle techniques to downgrade LDAP connections.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111939 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-2115
DESCRIPTION: Samba could allow a remote attacker to bypass security restrictions, caused by the failure to protect the integrity of SMB client connections for IPC traffic. A remote attacker could exploit this vulnerability using man-in-the-middle techniques to perform unauthorized actions.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111942 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-1286
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when parsing signature records for DNAME resource records. A remote attacker could exploit this vulnerability to trigger an assertion failure in resolver.c or db.c and cause the named process to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111390 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-1285
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the improper handling of control channel input. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to trigger an assertion failure in sexpr.c or alist.c and cause the named process to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111389 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM Host Management 5.4.4.0

Remediation/Fixes

IBM Netezza Host Management 5.4.5.0 Link to Fix Central

The Netezza Host Management software contains the latest RHEL updates for the operating systems certified for use on IBM Netezza/PureData System for Analytics appliances. IBM recommends upgrading to the latest Netezza Host Management version to ensure that your hosts have the latest fixes, security changes, and operating system updates. IBM Support can assist you with planning for the Netezza Host Management and operating system upgrades to your appliances.

For more details on IBM Netezza Host Management security patching:

Red Hat Enterprise Linux (RHEL) Security Patching for IBM PureData System for Analytics appliances

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

None

Change History

27 April 2016: Original Version Published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content.
The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================