Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.1253
Security Bulletin: Multiple vulnerabilities affects IBM
Security Network Protection
17 May 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM Security Network Protection
Publisher: IBM
Operating System: Network Appliance
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Root Compromise -- Existing Account
Access Privileged Data -- Remote/Unauthenticated
Modify Arbitrary Files -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Provide Misleading Information -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2017-3731 CVE-2017-3289 CVE-2017-3272
CVE-2017-3261 CVE-2017-3259 CVE-2017-3253
CVE-2017-3252 CVE-2017-3241 CVE-2017-3231
CVE-2016-9311 CVE-2016-9310 CVE-2016-8610
CVE-2016-7433 CVE-2016-7429 CVE-2016-7426
CVE-2016-5552 CVE-2016-5549 CVE-2016-5548
CVE-2016-5547 CVE-2016-5546 CVE-2016-2183
CVE-2015-8779 CVE-2015-8778 CVE-2015-8776
CVE-2015-8325 CVE-2014-9761
Reference: ASB-2017.0001
ASB-2016.0095
ESB-2017.1237
ESB-2017.1206
ESB-2017.1191
ESB-2017.1161.2
ESB-2017.1158
ESB-2017.1114
ESB-2017.1075
Original Bulletin:
http://www.ibm.com/support/docview.wss?uid=swg21999248
http://www.ibm.com/support/docview.wss?uid=swg21999513
Comment: This bulletin contains five (5) IBM security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Bulletin: A vulnerability in OpenSSH affects IBM Security Network
Protection (CVE-2015-8325)
Security Bulletin
Document information
More support for:
IBM Security Network Protection
Software version:
5.3.1, 5.3.3
Operating system(s):
Firmware
Reference #:
1999248
Modified date:
16 May 2017
Summary
A security vulnerability has been discovered in OpenSSH, which is used by IBM
Security Network Protection.
Vulnerability Details
CVEID:
CVE-2015-8325
DESCRIPTION:
OpenSSH could allow a local attacker to gain elevated privileges on the
system, caused by an error in the do_setup_env function when the UseLogin
feature is enabled and PAM is configured to read .pam_environment files in
user home directories. By using an LD_PRELOAD environment variable, an
attacker could exploit this vulnerability to gain elevated privileges on the
system.
CVSS Base Score: 7.4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/114628
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
IBM Security Network Protection 5.3.1
IBM Security Network Protection 5.3.3
Remediation/Fixes
Product VRMF Remediation/First Fix
IBM Security Network Protection Firmware version 5.3.1 Download Firmware 5.3.1.13 from
IBM Security License Key and Download Center
and upload and install via the Available
Updates page of the Local Management Interface.
IBM Security Network Protection Firmware version 5.3.3 Download Firmware 5.3.3.3 from
IBM Security License Key and Download Center
and upload and install via the Available
Updates page of the Local Management Interface.
Workarounds and Mitigations
None
References
Complete CVSS v3 Guide
On-line Calculator v3
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
16 May 2017: Original Version Published
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
============================================================================
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM
Security Network Protection
Security Bulletin
Document information
More support for:
IBM Security Network Protection
Software version:
5.3.1, 5.3.3
Operating system(s):
Firmware
Reference #:
1999513
Modified date:
16 May 2017
Summary
There are multiple vulnerabilities in IBM Runtime Environment Java Version 7
used by IBM Security Network Protection. These issues were disclosed as part
of the IBM Java SDK updates in Jan 2017.
Vulnerability Details
CVEID:
CVE-2017-3289
DESCRIPTION:
An unspecified vulnerability in Oracle Java SE and Java SE Embedded related
to the Hotspot component has high confidentiality impact, high integrity
impact, and high availability impact.
CVSS Base Score: 9.6
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/120861
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:
CVE-2017-3272
DESCRIPTION:
An unspecified vulnerability in Oracle Java SE and Java SE Embedded related
to the Libraries component has high confidentiality impact, high integrity
impact, and high availability impact.
CVSS Base Score: 9.6
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/120862
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID:
CVE-2017-3241
DESCRIPTION:
An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit
related to the RMI component has high confidentiality impact, high integrity
impact, and high availability impact.
CVSS Base Score: 9
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/120867
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVEID:
CVE-2016-5546
DESCRIPTION:
An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit
related to the Libraries component has no confidentiality impact, high
integrity impact, and no availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/120869
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID:
CVE-2017-3253
DESCRIPTION:
An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit
related to the 2D component could allow a remote attacker to cause a denial
of service resulting in a high availability impact using unknown attack
vectors.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/120868
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:
CVE-2016-5548
DESCRIPTION:
An unspecified vulnerability in Oracle Java SE and Java SE Embedded related
to the Libraries component could allow a remote attacker to obtain sensitive
information resulting in a high confidentiality impact using unknown attack
vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/120864
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVEID:
CVE-2016-5549
DESCRIPTION:
An unspecified vulnerability in Oracle Java SE and Java SE Embedded related
to the Libraries component could allow a remote attacker to obtain sensitive
information resulting in a high confidentiality impact using unknown attack
vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/120863
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVEID:
CVE-2017-3252
DESCRIPTION:
An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit
related to the JAAS component has no confidentiality impact, high integrity
impact, and no availability impact.
CVSS Base Score: 5.8
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/120870
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N)
CVEID:
CVE-2016-5547
DESCRIPTION:
An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit
related to the Libraries component could allow a remote attacker to cause a
denial of service resulting in a low availability impact using unknown attack
vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/120871
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:
CVE-2016-5552
DESCRIPTION:
An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit
related to the Networking component has no confidentiality impact, low
integrity impact, and no availability impact.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/120872
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID:
CVE-2017-3261
DESCRIPTION:
An unspecified vulnerability in Oracle Java SE and Java SE Embedded related
to the Networking component could allow a remote attacker to obtain sensitive
information resulting in a low confidentiality impact using unknown attack
vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/120866
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVEID:
CVE-2017-3231
DESCRIPTION:
An unspecified vulnerability in Oracle Java SE and Java SE Embedded related
to the Networking component could allow a remote attacker to obtain sensitive
information resulting in a low confidentiality impact using unknown attack
vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/120865
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVEID:
CVE-2017-3259
DESCRIPTION:
An unspecified vulnerability in Oracle Java SE related to the Deployment
component could allow a remote attacker to obtain sensitive information
resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/120859
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID:
CVE-2016-2183
DESCRIPTION:
OpenSSL could allow a remote attacker to obtain sensitive information, caused
by an error in the DES/3DES cipher, used as a part of the SSL/TLS protocol.
By capturing large amounts of encrypted traffic between the SSL/TLS server
and the client, a remote attacker able to conduct a man-in-the-middle attack
could exploit this vulnerability to recover the plaintext data and obtain
sensitive information. This vulnerability is known as the SWEET32 Birthday
attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/116337
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
IBM Security Network Protection 5.3.1
IBM Security Network Protection 5.3.3
Remediation/Fixes
Product VRMF Remediation/First Fix
IBM Security Network Protection Firmware version 5.3.1 Download Firmware 5.3.1.13 from
IBM Security License Key and Download Center
and upload and install via the Available Updates page of the Local Managemen Interface.
IBM Security Network Protection Firmware version 5.3.3 Download Firmware 5.3.3.3 from
IBM Security License Key and Download Center
and upload and install via the Available Updates page of the Local Management Interface.
Workarounds and Mitigations
None
References
Complete CVSS v3 Guide
On-line Calculator v3
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
16 May 2017: Original Version Published
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
===========================================================================
Security Bulletin: Multiple vulnerabilities in NTP affect IBM Security
Network Protection
Security Bulletin
Document information
More support for:
IBM Security Network Protection
Software version:
5.3.1, 5.3.3
Operating system(s):
Firmware
Reference #:
1999246
Modified date:
16 May 2017
Summary
There are multiple vulnerabilities in NTP that is used by IBM Security
Network Protection. These vulnerabilities include CVE-2016-7426,
CVE-2016-7433, CVE-2016-9310, CVE-2016-9311, and CVE-2016-7429.
Vulnerability Details
CVEID:
CVE-2016-7426
DESCRIPTION:
NTP is vulnerable to a denial of service, caused by the improper handling of
invalid server responses. By sending specially crafted packets with spoofed
source address, a remote attacker could exploit this vulnerability to a
denial of service.
CVSS Base Score: 1.6
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/119094
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)
CVEID:
CVE-2016-7433
DESCRIPTION:
NTP is vulnerable to a denial of service, caused by the inclusion of the root
delay allowing for an incorrect root distance calculation. An attacker could
exploit this vulnerability to cause a denial of service.
CVSS Base Score: 1.6
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/119095
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L)
CVEID:
CVE-2016-9310
DESCRIPTION:
NTP is vulnerable to a denial of service, caused by an error in the control
mode (mode 6) functionality. By sending specially crafted control mode
packets, a remote attacker could exploit this vulnerability to obtain
sensitive information and cause the application to crash.
CVSS Base Score: 6.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/119087
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
CVEID:
CVE-2016-9311
DESCRIPTION:
NTP is vulnerable to a denial of service, caused by a NULL pointer
dereference when trap service has been enabled. By sending specially crafted
packets, a remote attacker could exploit this vulnerability to cause the
application to crash.
CVSS Base Score: 4.4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/119086
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID:
CVE-2016-7429
DESCRIPTION:
NTP is vulnerable to a denial of service, caused by an attack on interface
selection. By sending specially crafted packets with spoofed source address,
a physical attacker could exploit this vulnerability to cause a denial of
service.
CVSS Base Score: 1.6
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/119093
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)
Affected Products and Versions
IBM Security Network Protection 5.3.1
IBM Security Network Protection 5.3.3
Remediation/Fixes
Product VRMF Remediation/First Fix
IBM Security Network Protection Firmware version 5.3.1 Download Firmware 5.3.1.13 from
IBM Security License Key and Download Center
and upload and install via the Available
Updates page of the Local Management Interface.
IBM Security Network Protection Firmware version 5.3.3 Download Firmware 5.3.3.3 from
IBM Security License Key and Download Center
and upload and install via the Available
Updates page of the Local Management Interface.
Workarounds and Mitigations
None
References
Complete CVSS v3 Guide
On-line Calculator v3
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
16 May 2017: Original Version Published
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
===========================================================================
Security Bulletin: Vulnerabilities in GNU C library (glibc) affect IBM
Security Network Protection
Security Bulletin
Document information
More support for:
IBM Security Network Protection
Software version:
5.3.1, 5.3.3
Operating system(s):
Firmware
Reference #:
2001907
Modified date:
16 May 2017
Summary
The GNU glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system. Security
vulnerabilities have been discovered in glibc used with IBM Security Network
Protection.
Vulnerability Details
CVEID:
CVE-2015-8778
DESCRIPTION:
GNU C Library (glibc) could allow a remote attacker to execute arbitrary code
on the system, caused by an integer overflow in hcreate and hcreate_r. An
attacker could exploit this vulnerability to trigger an out-of-bound memory
access and execute arbitrary code on the system or cause the application to
crash.
CVSS Base Score: 5.6
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/111086
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID:
CVE-2015-8779
DESCRIPTION:
GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused
by improper bounds checking by the catopen function. By sending an overly
long string, a remote attacker could overflow a buffer and execute arbitrary
code on the system or cause the application to crash.
CVSS Base Score: 5.6
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/111087
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID:
CVE-2014-9761
DESCRIPTION:
GNU C Library (glibc) is vulnerable to a stack-based buffer overflow, caused
by improper bounds checking by the nan function. By sending an overly long
string, a remote attacker could overflow a buffer and execute arbitrary code
on the system or cause the application to crash.
CVSS Base Score: 5.6
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/111085
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID:
CVE-2015-8776
DESCRIPTION:
GNU C Library (glibc) is vulnerable to a denial of service. By passing out-
of-range time values to the strftime function, a remote attacker could
exploit this vulnerability to cause a segmentation fault or obtain sensitive
information.
CVSS Base Score: 6.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/110675
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
Affected Products and Versions
IBM Security Network Protection 5.3.1
IBM Security Network Protection 5.3.3
Remediation/Fixes
Product VRMF Remediation/First Fix
IBM Security Network Protection Firmware version 5.3.1 Download Firmware 5.3.1.13 from
IBM Security License Key and Download Center
and upload and install via the Available
Updates page of the Local Management Interface.
IBM Security Network Protection Firmware version 5.3.3 Download Firmware 5.3.3.3 from
IBM Security License Key and Download Center
and upload and install via the Available
Updates page of the Local Management Interface.
Workarounds and Mitigations
None
References
Complete CVSS v3 Guide
On-line Calculator v3
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
16 May 2017: Original Version Published
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
===========================================================================
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Network
Protection (CVE-2016-8610, and CVE-2017-3731)
Security Bulletin
Document information
More support for:
IBM Security Network Protection
Software version:
5.3.1, 5.3.3
Operating system(s):
Firmware
Reference #:
1999162
Modified date:
16 May 2017
Summary
Security vulnerabilities have been discovered in OpenSSL, which is used by
IBM Security Network Protection.
Vulnerability Details
CVEID:
CVE-2016-8610
DESCRIPTION:
The SSL/TLS protocol is vulnerable to a denial of service, caused by an error
when processing ALERT packets during a SSL handshake. By sending specially-
crafted plain-text ALERT packets, a remote attacker could exploit this
vulnerability to consume all available CPU resources. Note: This
vulnerability is called "SSL-Death-Alert".
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/118296
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:
CVE-2017-3731
DESCRIPTION:
OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read
when using a specific cipher. By sending specially crafted truncated packets,
a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to
cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/121312
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
IBM Security Network Protection 5.3.1
IBM Security Network Protection 5.3.3
Remediation/Fixes
Product VRMF Remediation/First Fix
IBM Security Network Protection Firmware version 5.3.1 Download Firmware 5.3.1.13 from
IBM Security License Key and Download Center
and upload and install via the Available
Updates page of the Local Management Interface.
IBM Security Network Protection Firmware version 5.3.3 Download Firmware 5.3.3.3 from
IBM Security License Key and Download Center
and upload and install via the Available
Updates page of the Local Management Interface.
Workarounds and Mitigations
None
References
Complete CVSS v3 Guide
On-line Calculator v3
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Change History
16 May 2017: Original Version Published
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWRvnTYx+lLeg9Ub1AQgM8w//WQGNwUyVVLnmr2sQDT7oBMIcQM4VuZn1
PRPoi8aeriACqzWP+LeT5I7UzWeP1eb3tV7h0/NXnJifOlJ9ox63gspHAhWRuuWr
VOeVR4NvHM5FvVQ+rRu6beCO7d5vYZ+98l24kLqgEnm/kmyLLdz73e2QGwvUgyPY
uADC8h07jqWNjXfSanhYytNJp/3jQ5bIvbNCfyVAgwUwVSlvyK0oTnfx4q6biKJI
b2VV4aKi7+B1a2qAaUIb7jZ8+bsF9YBBBt4MmduGO1Q8PFwpSnSAptqcrS+5bZWm
mhGy0tzE1SdRChuquXheUp02wBWWILneKGJ+yVYiMV90sYbz2lm6YXLttdcNo8Bq
BLDQb2ATX2+ZipD33NF38smgnIgCCeoSRLpCdjM/z9fC/guE8y3N6ZDxw3suv2ao
GGDoWb/3Et2OCLmEVbzFjKJJXFEkZwtElXmRWZROxHvcE5A1sMVVWZmgtjfb1y15
DRiK437MSP3q1kRC9I5qsB9O6s/JLz3FirI6RjUB7JiSzNxQitK47HZbL/lamJ+R
Te0ZRhQ1Van2dPeIpu1tHjKXem1vOXPRl/WYI6aOKjddiqA3Z1kZc5JcTLIlnnoD
xr1LuTkmqIlxzD5d1r59Z2VvsQTTR4D9XlO2SAHnKVG/CZUM5mC5ZDP3XtmxYt1S
9IjsD7d5Oa4=
=Tfwu
-----END PGP SIGNATURE-----