Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.1789
A vulnerability in libsoup affects PowerKVM
20 May 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: PowerKVM
Publisher: IBM
Operating System: PowerKVM
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Access Privileged Data -- Existing Account
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2018-12910 CVE-2019-3816 CVE-2019-3863
CVE-2019-3838 CVE-2018-5407 CVE-2018-1084
CVE-2019-5736 CVE-2019-9636
Reference: ESB-2019.1726
ESB-2019.1690
ESB-2018.3474
ESB-2018.3386
ESB-2018.1955
ESB-2018.1937
ESB-2018.1181
ESB-2018.1178
Original Bulletin:
http://www.ibm.com/support/docview.wss?uid=ibm10879787
http://www.ibm.com/support/docview.wss?uid=ibm10879789
http://www.ibm.com/support/docview.wss?uid=ibm10878989
http://www.ibm.com/support/docview.wss?uid=ibm10878987
http://www.ibm.com/support/docview.wss?uid=ibm10879791
http://www.ibm.com/support/docview.wss?uid=ibm10878985
http://www.ibm.com/support/docview.wss?uid=ibm10874756
http://www.ibm.com/support/docview.wss?uid=ibm10879787
Comment: This bulletin contains eight (8) IBM security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
A vulnerability in libsoup affects PowerKVM
Product: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0879787
Security Bulletin
Summary
PowerKVM is affected by a vulnerability in libsoup. IBM has now addressed this
vulnerability.
Vulnerability Details
CVEID: CVE-2018-12910
DESCRIPTION: An unspecified error in get_cookies function in soup-cookie-jar.c
in libsoup has an unknown impact via an empty hostname.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
147348 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 18.
Workarounds and Mitigations
none
Change History
3 April 2019 - Initial Version
=================================================================================
A vulnerability in OpenWSMAN affects PowerKVM
Product: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0879789
Security Bulletin
Summary
PowerKVM is affected by a vulnerability in OpenWSMAN. IBM has now addressed
this vulnerability.
Vulnerability Details
CVEID: CVE-2019-3816
DESCRIPTION: OpenWSMAN could allow a remote attacker to obtain sensitive
information, caused by the working directory of openwsmand daemon being set to
root directory. By sending a specially crafted HTTP request, an attacker could
exploit this vulnerability to view arbitrary files outside of the registered
URIs.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158792 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 18.
Workarounds and Mitigations
none
Change History
3 April 2019 - Initial Version
=================================================================================
Vulnerabiliies in libssh2 affect PowerKVM
Product: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0878989
Security Bulletin
Summary
PowerKVM is affected by vulnerabilities in libssh2. IBM has now addressed these
vulnerabilities.
Vulnerability Details
CVEID: CVE-2019-3863
DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on
the system, caused by an integer overflow in user authenticate keyboard
interactive. By sending a specially crafted message, a remote attacker could
exploit this vulnerability to trigger an out-of-bounds write and execute
arbitrary code on the client system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158347 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-3857
DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on
the system, caused by an integer overflow. By sending a specially crafted
SSH_MSG_CHANNEL_REQUEST packet with an exit signal message, a remote attacker
could exploit this vulnerability to trigger an out-of-bounds write and execute
arbitrary code on the client system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158341 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-3856
DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on
the system, caused by an integer overflow in keyboard interactive handling. By
sending a specially crafted request, a remote attacker could exploit this
vulnerability to trigger an out-of-bounds write and execute arbitrary code on
the client system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158340 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-3855
DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on
the system, caused by an integer overflow in transport read. By sending
specially crafted packets, a remote attacker could exploit this vulnerability
to trigger an out-of-bounds read and execute arbitrary code on the client
system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158339 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 18.
Workarounds and Mitigations
none
Change History
28 March 2019 - Initial Version
=================================================================================
Vulnerabiliies in ghostscript affect PowerKVM
Product: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0878987
Security Bulletin
Summary
PowerKVM is affected by vulnerabilities in ghostscript. IBM has now addressed
these vulnerabilities.
Vulnerability Details
CVEID: CVE-2019-3838
DESCRIPTION: Ghostscript could allow a remote attacker to bypass security
restrictions, caused by improper usage of forceput operator. By persuading a
victim to open a specially-crafted PostScript file, a remote attacker could
exploit this vulnerability to gain access to the file system outside of the
constraints imposed by -dSAFER.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158503 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID: CVE-2019-3835
DESCRIPTION: Ghostscript could allow a remote attacker to bypass security
restrictions, caused by improper usage of superexec operator. By persuading a
victim to open a specially-crafted PostScript file, a remote attacker could
exploit this vulnerability to gain access to the file system outside of the
constraints imposed by -dSAFER.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158502 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 18.
Workarounds and Mitigations
none
Change History
28 March 2019 - Initial Version
=================================================================================
A vulnerability in OpenSSL affects PowerKVM
Product: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0879791
Security Bulletin
Summary
PowerKVM is affected by a vulnerability in OpenSSL. IBM has now addressed this
vulnerability.
Vulnerability Details
CVEID: CVE-2018-5407
DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could
allow a local attacker to obtain sensitive information, caused by execution
engine sharing on Simultaneous Multithreading (SMT) architecture. By using the
PortSmash new side-channel attack, an attacker could run a malicious process
next to legitimate processes using the architectures parallel thread running
capabilities to leak encrypted data from the CPU's internal processes. Note:
This vulnerability is known as PortSmash.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
152484 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 18.
Workarounds and Mitigations
none
Change History
3 April 2019 - Initial Version
=================================================================================
A vulnerability in Corosync affects PowerKVM
Product: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0878985
Security Bulletin
Summary
PowerKVM is affected by a vulnerability in Corosync. IBM has now addressed this
vulnerability.
Vulnerability Details
CVEID: CVE-2018-1084
DESCRIPTION: Corosync is vulnerable to a denial of service, caused by an
integer overflow in exec/totemcrypto.c. By sending a specially-crafted packet,
a remote attacker could exploit this vulnerability to cause the application to
crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
141586 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 18.
Workarounds and Mitigations
none
Change History
28 Mar 2019 - Initial Version
=================================================================================
A vulnerability in Docker affects PowerKVM
Product: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0874756
Security Bulletin
Summary
PowerKVM is affected by a vulnerability in Docker. IBM has now addressed this
vulnerability.
Vulnerability Details
CVEID: CVE-2019-5736
DESCRIPTION: Runc could allow a local attacker to execute arbitrary commands on
the system, cause by the improper handling of system file descriptors when
running containers. An attacker could exploit this vulnerability using a
malicious container to overwrite the contents of the host runc binary and
execute arbitrary commands with root privileges on the host system.
CVSS Base Score: 7.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
156819 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see https://
ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 18.
Workarounds and Mitigations
none
Change History
4 Mar 2019 - Initial Version
=================================================================================
A vulnerability in Python affects PowerKVM
Product: PowerKVM
Software version: 3.1
Operating system(s): Linux
Reference #: 0880407
Summary
PowerKVM is affected by a vulnerability in Python. IBM has now addressed this
vulnerability.
Vulnerability Details
CVEID: CVE-2019-9636
DESCRIPTION: Python urllib.parse.urlsplit and urllib.parse.urlparse components could
allow a remote attacker to obtain sensitive information, caused by improper unicode
encoding handling in NFKC normalization. By using a specially-crafted URL, an attacker
could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158114
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
PowerKVM 3.1
Remediation/Fixes
Customers can update PowerKVM systems by using "yum update".
Fix images are made available via Fix Central. For version 3.1, see
https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 18.
Workarounds and Mitigations
none
Change History
9 April 2019 - Initial Version
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXOH3hmaOgq3Tt24GAQgyjg/+KlQDxQ0HeMS6wGgra+Dqaoyp2WNBdkb8
EIYm+WehFMyDh+3NovEgf+fHd1v5kVr9FoIuXKOaNe4e6YC4ZBKjIcN7D8aFCJvd
/IFtYd0eJSIwn7c67snUDiGQ7eDzGTMow5R6fqdiJdr+F917fWYIZzLPgSq+s/mj
Sz61OrK74wqqzDzuc42qppZeAW2eYORZygFBqatGQTKDzYfveyWFnSc0otUfSJdV
tN+e1VCQ6Aa5f2nXs0w+2+ZOIUa1MNmKyOlkyN5DdePpjl78MI0wg9CngoXgJvb5
54lUeCFoS05FWrcmSt4PyTpAWK92GnO3rGKWwhFyVaRup2DN65orjz/ENMyFc8sb
BI+aPStAvU/vpyXK+wgeuwxF0HiDNi+Yz2ytAWI04dXL6vjCbzH4c7IcUEgi8EET
1LK5KeXGkKIlmVKTbl+Eq86xv6RS+gXrxhC+YIlTgVudAeFx39XTrRt3PRhpiyBd
h6ODmyuHTFZ3WWM3jpxkS0sEO0w3h1AdmCLJA2Y034UkhoP34qi4J3p0mC8ZcTRE
F7wSLU8q/cB9i21U7NLylY3JE45aLPrB89THzAZZFxZ+KAyIdZi4uiTDp8eQqXE9
Dslj3xpPLDZYxeOG6XHNqHvMaxnH//tgqM/EKgGxBCtxKWk4H+ctn7ga0o9WKHrY
hO6VjYMvit0=
=hVic
-----END PGP SIGNATURE-----