Date: 11 April 2013
References: ESB-2011.0916 ESB-2012.0027 ASB-2012.0021 ESB-2013.0411 ESB-2013.0475 ESB-2013.0487
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.0526
Security Bulletin: IBM XIV Storage System Gen3
(CVE-2011-4619, CVE-2011-4576, CVE-2011-3210, CVE-2012-4829)
11 April 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM XIV Storage System Gen3
Publisher: IBM
Operating System: Network Appliance
Impact/Access: Access Privileged Data -- Remote with User Interaction
Denial of Service -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2012-4829 CVE-2011-4619 CVE-2011-4576
CVE-2011-3210
Reference: ASB-2012.0021
ESB-2013.0487
ESB-2013.0475
ESB-2013.0411
ESB-2012.0027
ESB-2011.0916
Original Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004323
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Bulletin: IBM XIV Storage System Gen3 (CVE-2011-4619, CVE-2011-4576,
CVE-2011-3210, CVE-2012-4829)
Flash (Alert)
Document information
2810 - XIV Storage System
Version:
Not Applicable
Operating system(s):
N/A
Software edition:
N/A
Reference #:
S1004323
Modified date:
2013-04-10
Abstract
Certain network-based attacks can cause the administration interface server to
reboot (CVE-2011-4619 and CVE-2011-3210). Control data may be leaked from pad
regions of cipher blocks (CVE-2011-4576).
Also Release 11.2 adds the ability for the client to install their own X509v3
certificate (CVE-2012-4829).
Content
VULNERABILITY DETAILS:
CVE ID: CVE-2011-4619
DESCRIPTION: The Server Gated Cryptography (SGC) implementation in OpenSSL
before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake
restarts, which allows remote attackers to cause a denial of service (CPU
consumption) via unspecified vectors.
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/72132 for the
current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
AFFECTED PRODUCTS: IBM XIV Storage System Gen3 (MTMN 2810 and 2812) running
releases 11.0 through 11.1.1.
REMEDIATION: Upgrade to Release 11.2 or higher code.
VENDOR FIX(ES): For XIV Gen 3 systems running a release lower than 11.2
contact IBM to have your system upgraded to release 11.2 or higher.
WORKAROUND(S): None known, apply fixes.
MITIGATION(S): Limit network access to the XIV system's management
interfaces.
CVE ID: CVE-2011-4576
DESCRIPTION: The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x
before 1.0.0f does not properly initialize data structures for block cipher
padding, which might allow remote attackers to obtain sensitive information
by decrypting the padding data sent by an SSL peer.
CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/72130 for the
current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
AFFECTED PRODUCTS: IBM XIV Storage System Gen3 (MTMN 2810 and 2812) running
releases 11.0 through 11.1.1.
REMEDIATION: Upgrade to Release 11.2 or higher code.
VENDOR FIX(ES): For XIV Gen 3 systems running a release lower than 11.2
contact IBM to have your system upgraded to release 11.2 or higher.
WORKAROUND(S): None known, apply fixes.
MITIGATION(S): Limit network access to the XIV system's management
interfaces.
CVE ID: CVE-2011-3210
DESCRIPTION: The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8
through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during
processing of handshake messages from clients, which allows remote
attackers to cause a denial of service (daemon crash) via out-of-order
messages that violate the TLS protocol.
CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/69614 for the
current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
AFFECTED PRODUCTS: IBM XIV Storage System Gen3 (MTMN 2810 and 2812) running
releases 11.0 through 11.1.1
REMEDIATION: Upgrade to Release 11.2 or higher code.
VENDOR FIX(ES): For XIV Gen 3 systems running a release lower than 11.2
contact IBM to have your system upgraded to release 11.2 or higher.
WORKAROUND(S): None known, apply fixes.
MITIGATION(S): Limit network access to the XIV system's management
interfaces.
CVE ID: CVE-2012-4829
DESCRIPTION: The default X509v3 certificate provided with XIV Storage
System Gen3 is insufficient to properly authenticate the system to a client
connecting via to a management client
CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/78860 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
AFFECTED PRODUCTS: IBM XIV Storage System Gen3 (MTMN 2810 and 2812
REMEDIATION: Upgrade to Release 11.2 or higher code and install a new
certificate
VENDOR FIX(ES): For XIV Gen 3 systems running a release lower than 11.2
contact IBM to have your system upgraded to release 11.2 or higher.
WORKAROUND(S): None known, apply fixes and replace certificate.
MITIGATION(S): Limit network access to the XIV system's management
interfaces.
REFERENCES:
· Complete CVSS Guide
· On-line Calculator V2
· CVE-2011-4619
· CVE-2011-4576
· CVE-2011-3210
RELATED INFORMATION:
· IBM Secure Engineering Web Portal
· IBM Product Security Incident Response Blog
· IBM XIV Storage System product support
ACKNOWLEDGENMENT: N/A
CHANGE HISTORY: N/A
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the
impact of this vulnerability in their environments by accessing the links
in the Reference section of this Flash.
Note: According to the Forum of Incident Response and Security Teams
(FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry
open standard designed to convey vulnerability severity and help to
determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES
"AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE
RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY
VULNERABILITY.
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide. Other product and
service names might be trademarks of IBM or other companies. A current list of
IBM trademarks is available on the Web at "Copyright and trademark information"
at www.ibm.com/legal/copytrade.shtml.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUWZFFu4yVqjM2NGpAQLMfw//f/qiPETvEvEpEQMgsmjC+TNQC65cGOXC
WhWgiLJtMHoGVyGNVfzfv9ETiXSLKt3ceiAgMUaZ8UTtFXgas60tkpW/CjF+x2ge
9b3zcJ5dwMD3AJ5Y0pckWQp3bNDlKST6yDc+rh8bN+7ntU43zZGohiLDCN0ENFhC
aiKvs2k5ObIerZk1JylVUmzg4a60PiBngoOr//r2DTRwIFyIPw4HGfkgKQszONtc
nJyUKZ5aK1DsWkJ/yTVNDsFKJW/NEZz4zum4bknuzh19XhqvB1BOiEcvn/GuYkos
xYxlkPLZt8exbhT2An4paEgsxRJ+YF4OhgWXwRtGHF2Nq14x7Er0s2zZgYwko1CM
qqUk4CkSei2znHe6eTi20NMxCMro9wqo42sQZesap1dcxJ5n34/rNvhfAKqjGk6h
uBskZGw9+GoYkltsgl9/j8x4mFpYVoREOMaQskoCnAT2294MHg0l/YRTSg4jbnrK
TJE0osCO2UZQDXLxZjKfVxKQ0cTP/UE04WhmPMDiL2Kr7s459r4xlaUBc9lzja8S
B0aDjxWFghivKnBTpieKuAKgNxDPF78PMLpCW+ug09A+qYeV0hvBf77DZlLpWVhB
J8ZGzMasZvAb3EdwnQ0fY4MUjXP9dYtn8GoOYHHZtJZKXMeSSO2O8JxERJ8y6vDe
2JqWMv9ISbM=
=x9kp
-----END PGP SIGNATURE-----
|