===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2376
    Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server
(CVE-2018-1922, CVE-2018-1923, CVE-2018-1936, CVE-2018-1978, CVE-2018-1980,
        CVE-2019-4014, CVE-2019-4015, CVE-2019-4016, CVE-2019-4094)
                                1 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Spectrum Protect
Publisher:         IBM
Operating System:  Windows
                   AIX
                   HP-UX
                   Linux variants
                   Solaris
Impact/Access:     Root Compromise                 -- Existing Account
                   Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-4094 CVE-2019-4016 CVE-2019-4015
                   CVE-2019-4014 CVE-2018-1980 CVE-2018-1978
                   CVE-2018-1936 CVE-2018-1923 CVE-2018-1922

Reference:         ASB-2019.0122
                   ASB-2019.0115
                   ESB-2019.1988
                   ESB-2018.3670

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=ibm10882974

---------------------------BEGIN INCLUDED TEXT--------------------

Multiple Db2 vulnerabilities affect the IBM Spectrum Protect Server
(CVE-2018-1922, CVE-2018-1923, CVE-2018-1936, CVE-2018-1978, CVE-2018-1980,
CVE-2019-4014, CVE-2019-4015, CVE-2019-4016, CVE-2019-4094)

Product:             IBM Spectrum Protect
Component:           Server
Software version:    7.1, 8.1
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows
Reference #:         0882974

Security Bulletin

Summary

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Server is affected
by multiple IBM Db2 vulnerabilities, including buffer overflows and the loading
of shared libraries from an untrusted path. These Db2 vulnerabilities could
allow execution of arbitrary code on the system or elevation of user privileges.

Vulnerability Details

CVEID: CVE-2018-1922
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
9.7, 10.1, 10.5, and 11.1 is affected by a buffer overflow vulnerability that
can potentially result in arbitrary code execution. IBM X-Force ID: 152858.
CVSS Base Score: 8.4
CVSS Temporal Score: See the current score at
https://exchange.xforce.ibmcloud.com/vulnerabilities/152858
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-1923
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
9.7, 10.1, 10.5, and 11.1 is affected by a buffer overflow vulnerability that
can potentially result in arbitrary code execution. IBM X-Force ID: 152859.
CVSS Base Score: 8.4
CVSS Temporal Score: See the current score at
https://exchange.xforce.ibmcloud.com/vulnerabilities/152859
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-1936
DESCRIPTION: IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a
stack-based buffer overflow, caused by improper bounds checking, which could
allow an attacker to execute arbitrary code. IBM X-Force ID: 153316.
CVSS Base Score: 8.4
CVSS Temporal Score: See the current score at
https://exchange.xforce.ibmcloud.com/vulnerabilities/153316
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-1978
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow
an authenticated local attacker to execute arbitrary code on the system as
root. IBM X-Force ID: 154069.
CVSS Base Score: 8.4
CVSS Temporal Score: See the current score at
https://exchange.xforce.ibmcloud.com/vulnerabilities/154069
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-1980
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow
an authenticated local attacker to execute arbitrary code on the system as
root. IBM X-Force ID: 154078.
CVSS Base Score: 8.4
CVSS Temporal Score: See the current score at
https://exchange.xforce.ibmcloud.com/vulnerabilities/154078
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-4014
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow
an authenticated local attacker to execute arbitrary code on the system as
root. IBM X-Force ID: 155892.
CVSS Base Score: 8.4
CVSS Temporal Score: See the current score at
https://exchange.xforce.ibmcloud.com/vulnerabilities/155892
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-4015
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow
an authenticated local attacker to execute arbitrary code on the system as
root. IBM X-Force ID: 155893.
CVSS Base Score: 8.4
CVSS Temporal Score: See the current score at
https://exchange.xforce.ibmcloud.com/vulnerabilities/155893
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-4016
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow
an authenticated local attacker to execute arbitrary code on the system as
root. IBM X-Force ID: 155894.
CVSS Base Score: 8.4
CVSS Temporal Score: See the current score at
https://exchange.xforce.ibmcloud.com/vulnerabilities/155894
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-4094
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path,
potentially giving a low-privilege user full access to root by loading a
malicious shared library. IBM X-Force ID: 158014.
CVSS Base Score: 8.4
CVSS Temporal Score: See the current score at
https://exchange.xforce.ibmcloud.com/vulnerabilities/158014
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

These vulnerabilities affect the following IBM Spectrum Protect (formerly
Tivoli Storage Manager) Server levels:

  o 8.1.0.0 through 8.1.7.xxx
  o 7.1.0.0 through 7.1.9.200

Remediation/Fixes

+------------------------+------------+------------+----------------------------------------------------------------------------+
|IBM Spectrum Protect    |First Fixing|Platform    |Link to Fix                                                                 |
|Server Release          |VRM Level   |            |                                                                            |
+------------------------+------------+------------+----------------------------------------------------------------------------+
|8.1                     |8.1.8       |AIX         |https://www.ibm.com/support/docview.wss?uid=ibm10888463                     |
|                        |            |Linux       |                                                                            |
|                        |            |Windows     |                                                                            |
+------------------------+------------+------------+----------------------------------------------------------------------------+
|7.1                     |7.1.9.300   |AIX         |ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/server/  |
|                        |            |HP-UX       |                                                                            |
|                        |            |Linux       |                                                                            |
|                        |            |Solaris     |                                                                            |
|                        |            |Windows     |                                                                            |
+------------------------+------------+------------+----------------------------------------------------------------------------+
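To turn the affected ranges and first fixing levels above into a check that can be run over a server inventory, here is an added example (not IBM's or AusCERT's code); it assumes levels are supplied as dotted VRMF strings, and the host names and levels in the sample inventory are constructed.

```python
# Added example (not IBM's or AusCERT's code): assess IBM Spectrum Protect
# Server VRMF levels against the affected ranges and first fixing levels
# stated in this bulletin. The inventory data below is constructed.

# Per release stream: lowest affected level, highest affected level (a shorter
# tuple is a prefix, so (8, 1, 7) covers every 8.1.7.xxx level), first fix.
AFFECTED_RANGES = {
    "8.1": {"lo": (8, 1, 0, 0), "hi": (8, 1, 7), "fix": "8.1.8"},
    "7.1": {"lo": (7, 1, 0, 0), "hi": (7, 1, 9, 200), "fix": "7.1.9.300"},
}

def parse_level(level):
    """Turn a dotted VRMF string (1 to 4 numeric parts) into a 4-int tuple."""
    parts = level.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed VRMF level: {level!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))

def assess(level):
    """Return (is_affected, first_fixing_level_or_None); a stream the bulletin
    does not list (e.g. 8.2) gives (False, None): not covered, not known fixed."""
    v = parse_level(level)
    rng = AFFECTED_RANGES.get(f"{v[0]}.{v[1]}")
    if rng is None:
        return (False, None)
    hi = rng["hi"]
    in_range = rng["lo"] <= v and v[:len(hi)] <= hi
    return (in_range, rng["fix"])

def hosts_needing_fix(inventory):
    """Map host -> first fixing level for every host still in an affected range."""
    result = {}
    for host, level in inventory.items():
        affected, fix = assess(level)
        if affected:
            result[host] = fix
    return result

# Constructed sample inventory (host name -> reported server VRMF level).
SAMPLE_INVENTORY = {
    "tsm-prod-01": "8.1.7.100",    # affected, needs 8.1.8
    "tsm-prod-02": "8.1.8.0",      # already at the first fixing level
    "tsm-legacy-01": "7.1.9.200",  # last affected 7.1 level, needs 7.1.9.300
    "tsm-lab-01": "7.1.9.300",     # first fixing 7.1 level
}

if __name__ == "__main__":
    for host, fix in sorted(hosts_needing_fix(SAMPLE_INVENTORY).items()):
        print(f"{host}: affected, upgrade to {fix} or later")
```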

Workarounds and Mitigations

None

Change History

28 June 2019 - original version published

                          Cross reference information
+------------------------+-----------+-------------------------------------+--------+--------+
|Product                 |Component  |Platform                             |Version |Edition |
+------------------------+-----------+-------------------------------------+--------+--------+
|Tivoli Storage Manager  |Server     |AIX, HP-UX, Linux, Solaris, Windows  |7.1     |        |
+------------------------+-----------+-------------------------------------+--------+--------+

---------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================