-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.6112
  Security Bulletin: IBM QRadar Network Security is affected by multiple
                               vulnerabilities.
                              23 November 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM QRadar
Publisher:         IBM
Operating System:  Network Appliance
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-22942 CVE-2022-1271 CVE-2021-43527
                   CVE-2021-4155 CVE-2021-3573 CVE-2021-3347
                   CVE-2021-0920 CVE-2020-35513 CVE-2020-25643
                   CVE-2020-25212 CVE-2020-24394 CVE-2020-15436
                   CVE-2020-14385 CVE-2020-14331 CVE-2020-14314
                   CVE-2020-10942 CVE-2020-10769 CVE-2020-8648
                   CVE-2020-0466 CVE-2020-0465 CVE-2019-20811
                   CVE-2019-18282 CVE-2018-25032
Original Bulletin:
   https://www.ibm.com/support/pages/node/6840945

Comment: CVSS (Max):  9.8 CVE-2021-43527 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: IBM
         Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM QRadar Network Security is affected by multiple vulnerabilities.

Document Information

Document number    : 6840945
Modified date      : 22 November 2022
Product            : IBM QRadar Network Security
Software version   : 5.4.0.17, 5.5.0.12
Operating system(s): Firmware

Summary

IBM QRadar Network Security has addressed the following vulnerabilities by
updating the associated components.

(CVE-2022-1271, CVE-2019-18282, CVE-2019-20811, CVE-2020-0465, CVE-2020-0466,
CVE-2020-10769, CVE-2020-10942, CVE-2020-14314, CVE-2020-14331, CVE-2020-14385,
CVE-2020-15436, CVE-2020-24394, CVE-2020-25212, CVE-2020-25643, CVE-2020-35513,
CVE-2020-8648, CVE-2021-0920, CVE-2021-3347, CVE-2021-3573, CVE-2021-4155,
CVE-2022-22942, CVE-2021-43527, CVE-2018-25032)

Vulnerability Details

CVEID: CVE-2018-25032
DESCRIPTION: Zlib is vulnerable to a denial of service, caused by memory
corruption in the deflate operation. By using many distant matches, a remote
attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/222615 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-1271
DESCRIPTION: GNU gzip could allow a remote authenticated attacker to bypass
security restrictions, caused by improper validation of file names by the
zgrep utility. By using a specially-crafted file name, an attacker could
exploit this vulnerability to write arbitrary files on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/223754 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-18282
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive
information, caused by a device tracking vulnerability in the flow_dissector
feature. By sending a specially crafted request, an attacker could exploit
this vulnerability to obtain sensitive information and then use this
information to launch further attacks against the affected system.
CVSS Base score: 4
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/174716 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-20811
DESCRIPTION: Linux Kernel could provide weaker than expected security, caused
by mishandling of a reference count in rx_queue_add_kobject() and
netdev_queue_add_kobject() in net/core/net-sysfs.c. A local attacker could
exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 6.2
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/183253 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2020-0465
DESCRIPTION: Google Android could allow a local attacker to gain elevated
privileges on the system, caused by an out-of-bounds write in various methods
of hid-multitouch.c. By executing a specially-crafted program, an attacker
could exploit this vulnerability to escalate privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/193398 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-0466
DESCRIPTION: Google Android could allow a local attacker to gain elevated
privileges on the system, caused by a logic error in do_epoll_ctl and
ep_loop_check_proc of eventpoll.c. By executing a specially-crafted program,
an attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/193397 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-10769
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
buffer over-read in the crypto_authenc_extractkeys function in
crypto/authenc.c. By sending a specially-crafted request, a local
authenticated attacker could exploit this vulnerability to cause the system
to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/183857 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-10942
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by
improper validation of the sk_family field by the get_raw_socket function in
drivers/vhost/net.c. By sending specially-crafted system calls, a local
attacker could exploit this vulnerability to cause kernel stack corruption,
resulting in a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/178539 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-14314
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
memory out-of-bounds read flaw. By sending a specially crafted request, a
local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 4
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/188395 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-14331
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain
elevated privileges on the system, caused by an out-of-bounds write flaw in
the implementation of the invert video code on VGA consoles. By sending a
specially-crafted request to resize the console, an authenticated attacker
could exploit this vulnerability to gain elevated privileges or crash the
system.
CVSS Base score: 6.6
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/185987 for the current
score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-14385
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
failure of the file system metadata validator in XFS. By sending a specially
crafted request, a local attacker could exploit this vulnerability to cause
the system to shut down.
CVSS Base score: 4
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/188394 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-15436
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain
elevated privileges on the system, caused by a use-after-free flaw in
fs/block_dev.c. By sending a specially-crafted request, an authenticated
attacker could exploit this vulnerability to gain elevated privileges, or
cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/192171 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-24394
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to bypass
security restrictions, caused by the lack of ACL support in the filesystems
handled by fs/nfsd/vfs.c (in the NFS server). By sending a specially-crafted
request, an attacker could exploit this vulnerability to set incorrect
permissions on new filesystem objects.
CVSS Base score: 5.5
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/186968 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2020-25212
DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary
code on the system, caused by a TOCTOU mismatch in the NFS client code. By
sending a specially crafted request, an attacker could exploit this
vulnerability to execute arbitrary code or corrupt memory.
CVSS Base score: 5.9
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/188137 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2020-25643
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by
memory corruption and read overflow flaws in the ppp_cp_parse_cr function in
the HDLC_PPP module. By sending a specially-crafted request, a local attacker
could exploit this vulnerability to cause the system to crash or cause a
denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/189415 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-35513
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
flaw in which the umask is applied incorrectly during file or directory
modification in the NFS (network file system) function. By sending a
specially-crafted request, a local authenticated attacker could exploit this
vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/195545 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-8648
DESCRIPTION: Linux kernel could allow a remote attacker to obtain sensitive
information, caused by a use-after-free in the n_tty_receive_buf_common
function of drivers/tty/n_tty.c. An attacker could exploit this vulnerability
to read memory that should not be available for access.
CVSS Base score: 5.3
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/175843 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2021-0920
DESCRIPTION: Google Android could allow a local attacker to gain elevated
privileges on the system, caused by a use-after-free flaw due to a race
condition in unix_scm_to_skb of af_unix.c. By executing a specially-crafted
program, an attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/215673 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-3347
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain
elevated privileges on the system, caused by a kernel stack use-after-free
during fault handling in PI futexes. An attacker could exploit this
vulnerability to gain elevated privileges and execute arbitrary code in the
kernel.
CVSS Base score: 7.8
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/195798 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-3573
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
use-after-free flaw in the hci_sock_bound_ioctl function. By sending a
specially-crafted request, a local attacker could exploit this vulnerability
to cause the kernel to crash.
CVSS Base score: 6.2
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/203249 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-4155
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain
sensitive information, caused by a data leak flaw in the way the
XFS_IOC_ALLOCSP IOCTL in the XFS filesystem is allowed to increase the size of
files with an unaligned size. By sending a specially-crafted request, an
attacker could exploit this vulnerability to obtain sensitive information on
the XFS filesystem, and use this information to launch further attacks
against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/216919 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2022-22942
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain
sensitive information, caused by improper file descriptor handling in the
vmwgfx driver. By sending a specially-crafted ioctl call, an attacker could
exploit this vulnerability to gain access to files opened by other processes
on the system, and use this information to launch further attacks against the
affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/218323 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2021-43527
DESCRIPTION: Mozilla Network Security Services (NSS), as used in Mozilla
Firefox, is vulnerable to a heap-based buffer overflow, caused by improper
bounds checking when handling DER-encoded DSA or RSA-PSS signatures. By
sending an overly long signature, a remote attacker could overflow a buffer
and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/214347 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

+---------------------------+------------+
|Affected Product(s)        |Version(s)  |
+---------------------------+------------+
|IBM QRadar Network Security|5.4.0, 5.5.0|
+---------------------------+------------+

Remediation/Fixes

IBM strongly encourages customers to update their systems promptly.

+------------+-----+----------------------------------------------------------+
|Product     |VRMF |Remediation/First Fix                                     |
+------------+-----+----------------------------------------------------------+
|            |     |Install Firmware 5.4.0.17 from the Available Updates page |
|            |     |of the Local Management Interface, or by performing a One |
|            |     |Time Scheduled Installation from SiteProtector.           |
|            |     |Or                                                        |
|IBM QRadar  |     |Download Firmware 5.4.0.17 from IBM Security License Key  |
|Network     |     |and Download Center and upload and install via the        |
|Security    |5.4.0|Available Updates page of the Local Management Interface. |
+------------+-----+----------------------------------------------------------+
|            |     |Install Firmware 5.5.0.12 from the Available Updates page |
|            |     |of the Local Management Interface, or by performing a One |
|            |     |Time Scheduled Installation from SiteProtector.           |
|            |     |Or                                                        |
|IBM QRadar  |     |Download Firmware 5.5.0.12 from IBM Security License Key  |
|Network     |     |and Download Center and upload and install via the        |
|Security    |5.5.0|Available Updates page of the Local Management Interface. |
+------------+-----+----------------------------------------------------------+

Workarounds and Mitigations

None

Change History

22 Nov 2022: Initial Publication

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no responsibility
for consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBY32UiskNZI30y1K9AQiH3A//YDJkV2UEl41xwaHMolAcKzeUfBg42+9j
/OHINd9davsWzkZkxq5TKoFzusGvwkmGLRPnj9B39qb7GllZReDQgtr1M5NjUDSV
cfGlcQ51uL9NtGadx38RB1A+SpE/UtiGVzGRgHqNPbXmpktJiv5WdCzJJSGyRgRJ
gqrR7Kwf3kbctQKBrcTIzyY2oULHvWDyVHy2eFKUDP2FQbMh4miS84h1zMBrFzwH
P9yR9d5SJXn3dKyH1YDDfiJb8i3KSPFTp3KcmTheQR66hLYQmXrxn6FMQRseAohC
INX+2b8CGNuvZOgtaI+76QQ0pn3nepxhSl/gVHeJtju79Nt4jHQvYuT9/Pqf7oef
HVT5hZbsM6Y0G0Nni3HH6T6FI3OvGMdeznVgZxgjoKWiUWgBZZ0FY7HwSmc/UCk+
XTjktxdHiv1ka8aPEseNWwdgYz+nuJHhcMo6p0SfxgbfFHumt5IOa8D3ruyDgjM9
yFvAGFYveNydHvAX5/3ITSGAWNDIeu9attoTQEbIWAYCU7zBLiZJIYQYe1vxXVvg
/gt0yR5+r9ED9byPsETolePU54jnlvuLWyViSqXN1iQNwvWUKmiSngM+osbvRdZl
spnxIpkLjE3AnpcKCfM7FsufnYZd8i18rh0VyVsNQSGHXyHnUPxWjVFuZFYxBvdo
zZwT9YG+OBw=
=OGUB
-----END PGP SIGNATURE-----