===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3488
       Linux Kernel vulnerabilities affect IBM Spectrum Protect Plus
      CVE-2019-10140, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479,
              CVE-2019-13233, CVE-2019-13272, CVE-2019-14283,
              CVE-2019-14284, CVE-2019-15090, CVE-2019-15807,
                              CVE-2019-15925
                             13 September 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Spectrum Protect Plus
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Root Compromise        -- Existing Account      
                   Access Privileged Data -- Remote/Unauthenticated
                   Denial of Service      -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-15925 CVE-2019-15807 CVE-2019-15090
                   CVE-2019-14284 CVE-2019-14283 CVE-2019-13272
                   CVE-2019-13233 CVE-2019-11479 CVE-2019-11478
                   CVE-2019-11477 CVE-2019-10140 

Reference:         ASB-2019.0174
                   ASB-2019.0172
                   ESB-2019.3476
                   ESB-2019.3439
                   ASB-2019.0178.2

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=ibm11072398

--------------------------BEGIN INCLUDED TEXT--------------------

Linux Kernel vulnerabilities affect IBM Spectrum Protect Plus CVE-2019-10140,
CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-13233, CVE-2019-13272,
CVE-2019-14283, CVE-2019-14284, CVE-2019-15090, CVE-2019-15807, CVE-2019-15925

Security Bulletin

Summary

Multiple vulnerabilities in the Linux Kernel such as denial of service,
elevation of privileges, execution of arbitrary code on the system, and the
ability to obtain sensitive information affect IBM Spectrum Protect Plus.

UPDATED: 11 September 2019 to add CVE-2019-15925

Vulnerability Details

CVEID: CVE-2019-10140
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
NULL pointer dereference in the ovl_posix_acl_create function in
fs/overlayfs/dir.c. By creating directories on overlayfs, a local attacker
could exploit this vulnerability to cause the kernel to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/165372
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-11477
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an
integer overflow when processing TCP Selective Acknowledgement (SACK)
capabilities. By sending specially-crafted SACK requests, a remote attacker
could exploit this vulnerability to cause a kernel panic condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162662
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-11478
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an
issue with fragmenting the TCP retransmission queue when processing TCP
Selective Acknowledgement (SACK) capabilities. By sending specially-crafted
SACK requests, a remote attacker could exploit this vulnerability to cause an
excess of system resource usage.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162664
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-11479
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
flaw when processing minimum segment size (MSS). By sending specially-crafted
MSS traffic, a remote attacker could exploit this vulnerability to cause excess
usage of system resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162665
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-13233
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
use-after-free flaw when a race between modify_ldt() and #BR Exception occurs.
By sending a specially-crafted request, a local attacker could exploit this
vulnerability to cause a denial of service condition.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162780
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-13272
DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated
privileges on the system, caused by improper permission validation and improper
object lifetime handling for PTRACE_TRACEME in the ptrace_link function. By
sending a specially-crafted request, an attacker could exploit this
vulnerability to gain root privileges on the system.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/163733
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-14283
DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary
code on the system, caused by an integer overflow and out-of-bounds read in
drivers/block/floppy.c. By using a specially-crafted floppy disk, an attacker
could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/165352
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-14284
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
division-by-zero in setup_format_params in drivers/block/floppy.c. By sending
specially-crafted ioctls, a local attacker could exploit this vulnerability to
cause the application to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/165351
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-15090
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive
information, caused by an out-of-bounds read in
drivers/scsi/qedi/qedi_dbg.c. A local attacker could exploit this
vulnerability to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/165454
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-15807
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
memory leak in sas_expander.c when SAS expander discovery fails. By sending a
specially-crafted request, a remote attacker could exploit this vulnerability
to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/166306
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-15925
DESCRIPTION: Linux Kernel could allow a remote attacker to obtain sensitive
information, caused by an out-of-bounds access flaw in the
hclge_tm_schd_mode_vnet_base_cfg function in hclge_tm.c. By sending a
specially-crafted request, an attacker could exploit this vulnerability to
obtain sensitive information or cause a denial of service condition on the
system.
CVSS Base Score: 9.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/166576
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

Affected Products and Versions

IBM Spectrum Protect Plus 10.1.0 through 10.1.4.179 (10.1.4 eFix1)

Remediation/Fixes

+--------------+-----------+----------+------------------------------------------------------------------------------------------+
|Spectrum      |First      |Platform  |                                                                                          |
|Protect Plus  |Fixing     |          |                                                                                          |
|Release       |VRM Level  |          |Link to Fix                                                                               |
+--------------+-----------+----------+------------------------------------------------------------------------------------------+
|10.1          |10.1.4.222 |Linux     |http://www.ibm.com/support/docview.wss?uid=ibm10880861                                    |
|              |(10.1.4    |          |                                                                                          |
|              |eFix2)     |          |                                                                                          |
+--------------+-----------+----------+------------------------------------------------------------------------------------------+

Workarounds and Mitigations

None

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================