-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1410
        Security Bulletin: Multiple Security vulnerabilities fixed
                in IBM Security Privileged Identity Manager
                                5 June 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security Privileged Identity Manager
Publisher:         IBM
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
                   Denial of Service      -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-3731 CVE-2016-9311 CVE-2016-9310
                   CVE-2016-8610 CVE-2016-7433 CVE-2016-7429
                   CVE-2016-7426 CVE-2016-6306 CVE-2016-6304
                   CVE-2016-6302 CVE-2016-5960 CVE-2016-5959
                   CVE-2016-5957 CVE-2016-2182 CVE-2016-2181
                   CVE-2016-2180 CVE-2016-2179 CVE-2016-2178
                   CVE-2016-2177  

Reference:         ASB-2017.0060
                   ASB-2017.0059
                   ESB-2016.2238
                   ESB-2016.2116

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg22003092

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple Security vulnerabilities fixed in IBM Security
Privileged Identity Manager

Document information

More support for: IBM Security Privileged Identity Manager

Software version: 2.0.2, 2.1.0

Operating system(s): Appliance

Reference #: 2003092

Modified date: 02 June 2017

Security Bulletin

Summary

There are multiple Security vulnerabilities that are fixed in the IBM
Security Privileged Identity Manager

Vulnerability Details


CVEID: CVE-2016-5957
DESCRIPTION: IBM Security Privileged Identity Manager uses weaker than
expected cryptographic algorithms that could allow an attacker to decrypt
highly sensitive information.
CVSS Base Score: 5.9
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/116134 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-5959
DESCRIPTION: IBM Security Privileged Identity Manager stores sensitive
information in URL parameters. This may lead to information disclosure
if unauthorized parties have access to the URLs via server logs, referrer
header or browser history.
CVSS Base Score: 3.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/116136 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-5960
DESCRIPTION: IBM Security Privileged Identity Manager stores user credentials
in plain in clear text which can be read by a local user.
CVSS Base Score: 6.2
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/116171 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-2177
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the
incorrect use of pointer arithmetic for heap-buffer boundary checks. By
leveraging unexpected malloc behavior, a remote attacker could exploit
this vulnerability to trigger an integer overflow and cause the application
to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/113890 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-2178
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by an error in the DSA implementation that allows
the following of a non-constant time codepath for certain operations. An
attacker could exploit this vulnerability using a cache-timing attack to
recover the private DSA key.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/113889 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-2179
DESCRIPTION: OpenSSL is vulnerable to a denial of service. By sending
specially crafted DTLS record fragments to fill up buffer queues, a
remote attacker could exploit this vulnerability to open a large number
of simultaneous connections and consume all available memory resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/116343 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-2180
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an
out-of-bounds read in the TS_OBJ_print_bio function. A remote attacker
could exploit this vulnerability using a specially crafted time-stamp file
to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/115829 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-2181
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an
error in the DTLS replay protection implementation. By sending a specially
crafted sequence number, a remote attacker could exploit this vulnerability
to cause valid packets to be dropped.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/116344 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-2182
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused
by an out-of-bounds write in the TS_OBJ_print_bio function in
crypto/bn/bn_print.c. A remote attacker could exploit this vulnerability
using a specially crafted value to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/116342 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-6302
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the
failure to consider the HMAC size during validation of the ticket length
by the tls_decrypt_ticket function A remote attacker could exploit this
vulnerability using a ticket that is too short to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/117024 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-6306
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by missing
message length checks when parsing certificates. A remote authenticated
attacker could exploit this vulnerability to trigger an out-of-bounds read
and cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/117112 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-6304
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by multiple
memory leaks in t1_lib.c during session renegotiation. By sending an overly
large OCSP Status Request extension, a remote attacker could exploit this
vulnerability to consume all available memory resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/117110 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-7426
DESCRIPTION: NTP is vulnerable to a denial of service, caused by the
improper handling of invalid server responses. By sending specially crafted
packets with spoofed source address, a remote attacker could exploit this
vulnerability to a denial of service.
CVSS Base Score: 1.6
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/119094 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-7433
DESCRIPTION: NTP is vulnerable to a denial of service, caused by the
inclusion of the root delay allowing for an incorrect root distance
calculation. An attacker could exploit this vulnerability to cause a denial
of service.
CVSS Base Score: 1.6
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/119095 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-9310
DESCRIPTION: NTP is vulnerable to a denial of service, caused by an error
in the control mode (mode 6) functionality. By sending specially crafted
control mode packets, a remote attacker could exploit this vulnerability
to obtain sensitive information and cause the application to crash.
CVSS Base Score: 6.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/119087 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID: CVE-2016-9311
DESCRIPTION: NTP is vulnerable to a denial of service, caused by a NULL
pointer dereference when trap service has been enabled. By sending specially
crafted packets, a remote attacker could exploit this vulnerability to
cause the application to crash.
CVSS Base Score: 4.4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/119086 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-7429
DESCRIPTION: NTP is vulnerable to a denial of service, caused by an attack
on interface selection. By sending specially crafted packets with spoofed
source address, a physical attacker could exploit this vulnerability to
cause a denial of service.
CVSS Base Score: 1.6
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/119093 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-8610
DESCRIPTION: The SSL/TLS protocol is vulnerable to a denial of service,
caused by an error when processing ALERT packets during a SSL handshake. By
sending specially-crafted plain-text ALERT packets, a remote attacker could
exploit this vulnerability to consume all available CPU resources. Note:
This vulnerability is called "SSL-Death-Alert".
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/118296 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-3731
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by
an out-of-bounds read when using a specific cipher. By sending specially
crafted truncated packets, a remote attacker could exploit this vulnerability
using CHACHA20/POLY1305 to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/121312 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

ISPIM 2.0.2 and 2.1

Remediation/Fixes

Affected Product and Version	Fix availability
ISPIM 2.0.2			2.0.2-ISS-ISPIM-VA-IF0010
ISPIM 2.1			2.1.0-ISS-ISPIM-VA-FP0003

Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

02 June 2017: First Publish

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.
Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency
and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT
WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING
THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWTSyK4x+lLeg9Ub1AQgv2w//WFNxnqXojHXsqZNYd2OzpRfnfG53vsKe
5xG8f8YHSIXlW3+M9CtfIUfvBDOfG+IZ8tUJucdyrPVmkaerlDor7Yy5m3RMMhXX
hOXG2jvwdm0Jpvg1Elg5OS9FHM4pJo15jJ5zAbiiEfltCUfTVlT2GlfaFdlWyxmr
l7CGkszSGYrAYJsMZO84kRVhBb899SN90kDQXT7LXtbIWt+MLdBkPETXza656CPL
7WNmIc+cnJUkMfv0cD3WmfFvPXlUzZ/jMohHWHZIHcJtA/JklGsysykIVtuUzfEQ
ER1FxczRI5t/Gw+vN0VLQv75eB1ZT6cgVu6Mofd43NIuL/3L5GXoJj5NnbUhUxM7
zMBx4JEDBn7L2sRdcpR4ON9dZR3w9Gii8iPoPRdnWOWRTGRlSGvfGklYsrTlpBcV
dYrzQzcxQ27v9UR6McZuJzbrmdKZ4Cyj9mPsF+V0bkHkyfoRBG2s+LZGTfpBfulL
fOlGM55+NBWpbeWQ1GMxgYYfeUnbKWukHDUtkiLOx2cJ8NAlpL+tbOLpcGkPg9Qu
IlfOnlyoeDb2l7fRtZLQEPieNvdGZ4eqYQjfdUsYVKYTM1Hj8o5hpooB2V6Udq7B
PtJTACPKW+e+eQEDU+eYIhE6UzVu80YxZ4ykvRRw35Hl553tU0TahLENrymKZ569
QTPOFT7hpjo=
=ZYwl
-----END PGP SIGNATURE-----