===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1968
    Multiple open source vulnerabilities affect IBM PureApplication System
                                 3 June 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM PureApplication System
Publisher:         IBM
Operating System:  AIX
                   Linux variants
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Privileged Data          -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-5519 CVE-2019-5518 CVE-2018-1000301
                   CVE-2018-11237 CVE-2018-0737 CVE-2018-0732

Reference:         ASB-2019.0119
                   ASB-2019.0109
                   ESB-2019.1967
                   ESB-2019.1949

Original Bulletin:
   http://www.ibm.com/support/docview.wss?uid=ibm10885604

--------------------------BEGIN INCLUDED TEXT--------------------

Multiple open source vulnerabilities affect IBM PureApplication System

Product:             PureApplication System
Component:           Security
Software version:    2.2.3.0, 2.2.3.1, 2.2.3.2, 2.2.4.0, 2.2.5.0, 2.2.5.1,
                     2.2.5.2, 2.2.5.3, 2.2.6.0
Operating system(s): AIX, Linux, Windows
Software edition:    All Editions
Reference #:         0885604

Security Bulletin

Summary

Vulnerabilities in OpenSSL, glibc, curl, and VMware components used in IBM
PureApplication System. IBM PureApplication System has addressed these
vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-1000301
DESCRIPTION: curl is vulnerable to a denial of service, caused by a
heap-based buffer over-read. By sending a specially crafted RTSP response, a
remote attacker could overflow a buffer and possibly obtain sensitive
information or cause the application to crash.
CVSS Base Score: 6.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/143390 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID: CVE-2018-11237
DESCRIPTION: GNU glibc is vulnerable to a buffer overflow, caused by improper
bounds checking in the mempcpy function. By sending a specially crafted
request, a remote attacker could overflow a buffer and execute arbitrary code
on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/143580 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-0737
DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive
information, caused by a cache-timing side channel in the RSA key generation
algorithm. An attacker able to mount cache-timing attacks during the RSA key
generation process could exploit this vulnerability to recover the private
key and obtain sensitive information.
CVSS Base Score: 3.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/141679 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-0732
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a
malicious server sending a very large prime value to the client during key
agreement in a TLS handshake. Because the client spends an unreasonably long
time generating a key for this prime, a remote attacker could exploit this
vulnerability to cause the client to hang.
CVSS Base Score: 3.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/144658 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-5518
DESCRIPTION: VMware ESXi, Workstation, and Fusion could allow a remote
attacker to execute arbitrary code on the system, caused by an out-of-bounds
read/write flaw in the virtual USB 1.1 UHCI (Universal Host Controller
Interface). By sending a specially crafted request, an attacker could exploit
this vulnerability to execute arbitrary code on the host system.
CVSS Base Score: 9.8
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/158820 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-5519
DESCRIPTION: VMware ESXi, Workstation, and Fusion could allow a remote
attacker to execute arbitrary code on the system, caused by a time-of-check
time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal
Host Controller Interface). By sending a specially crafted request, an
attacker could exploit this vulnerability to execute arbitrary code on the
host system.
CVSS Base Score: 9.8
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/158821 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM PureApplication System V2.2.3.0
IBM PureApplication System V2.2.3.1
IBM PureApplication System V2.2.3.2
IBM PureApplication System V2.2.4.0
IBM PureApplication System V2.2.5.0
IBM PureApplication System V2.2.5.1
IBM PureApplication System V2.2.5.2
IBM PureApplication System V2.2.5.3

Remediation/Fixes

Note about the package upgraded levels.

Upgrade the IBM PureApplication System to the following fix release:

  o IBM PureApplication System V2.2.6.0

Information on upgrading can be found here:
http://www-01.ibm.com/support/docview.wss?uid=swg27039159

Workarounds and Mitigations

None

Change History

May 31, 2019: Original document published

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no responsibility
for consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================