Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.2917 IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-5391) 5 August 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM Security Identity Governance and Intelligence Publisher: IBM Operating System: Network Appliance Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2018-5391 Reference: ASB-2019.0060 ASB-2019.0041 ESB-2019.1793 ESB-2019.1630 Original Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10958679 - --------------------------BEGIN INCLUDED TEXT-------------------- IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-5391) Product: IBM Security Identity Governance and Intelligence Software version: 5.2.4, 5.2.4.1 Operating system(s): Appliance Reference #: 0958679 Security Bulletin Summary IBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerability. A vulnerability in the Linux kernel, included in IBM Security Identity Governance and Intelligence (IGI), affects the way the Linux kernel handles reassembly of fragmented IPv4 and IPv6 packets. By sending specially crafted IP fragments with random offsets, a remote attacker could exploit this vulnerability to exhaust all available CPU resources and cause a denial of service. Vulnerability Details CVEID: CVE-2018-5391 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the reassembly of fragmented IPv4 and IPv6 packets by the IP implementation. By sending specially crafted IP fragments with random offsets, a remote attacker could exploit this vulnerability to exhaust all available CPU resources and cause a denial of service. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 148388 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Affected Products and Versions IBM Security Identity Governance and Intelligence (IGI) 5.2.4, 5.2.4.1 Remediation/Fixes +-----------------------------------------------------+-----------------------------------------------------+------------------------------------------------------+ |Product Name |VRMF |First Fix | +-----------------------------------------------------+-----------------------------------------------------+------------------------------------------------------+ |IGI |5.2.4 | 5.2.5.0-ISS-SIGI-FP0000 | +-----------------------------------------------------+-----------------------------------------------------+------------------------------------------------------+ |IGI |5.2.4.1 | 5.2.5.0-ISS-SIGI-FP0000 | +-----------------------------------------------------+-----------------------------------------------------+------------------------------------------------------+ Workarounds and Mitigations None Change History 09 July 2019: Original Version Published Product Alias/Synonym IGI IGA - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXUe1PWaOgq3Tt24GAQgy2BAAokD/17yuZuy00TwVMzndWO+PvhwY/PtB Xy8ZGWpeYIYiSZ97KpRiDNXVpyBC8sT+w78DABK9fYC1pTigS8twYwF8dzGbWU9v 7yL+YzPQiqKw8VIIK9VCywTw90QiyiQ0YYNbbdhq7fIS81inKNr/xkulITHarP5B q/lwkk6gPKqBH66Zt3Q1u6KuL2Vt0T+tHvlohcuLhjJBOEn7efccWUxf4rjVvPen Nr2y0E6hDx1HMG91L0dlYDAGamGX8hITt1vHTFIlqCOZabkIonvjXD6toyOQRRKE kT1BWVAuen8+CuX8st4aL1ITHX7UG9EaKOpBF2NQftM/lPgq6rJRTX6QGJUJh5LI agTu7f4Ti+C0UJ541Yf1j31QpNIwSr496Ui2I1xL2RplCVSxcTAYEQKHQKCfzfXT zSx9thlSXXv0vE3JeB1eSaDeozEr7hEVfjfja6HINUnCuyzs4NMZdmtFQguRBWzS NPz4+Htua7L7pBkg/PvQ2D5V8PKPS1DwXJLjdZtyyMlCg57Q3c4miGsfwjQ9vDVP C4EzgTpXIOztn0gQnNMG80I3v+KrfPBGShq7c2nk6edysiyXU73QEMulpsZ0iqqA Y9IBz0gd+tm3gwz58Bm3hKl/HbhbthwjdavxxrMTKfpiN3jqXYx7FWkKyNDUv6gR 3eOzZ5Zz7/I= =sASR -----END PGP SIGNATURE-----