ESB-2017.1972 - [Win][Linux] IBM Watson Explorer: Denial of service - Remote with user interaction 2017-08-10


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1972
    Security Bulletin: Multiple vulnerabilities affect Watson Explorer
                              10 August 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Watson Explorer
Publisher:         IBM
Operating System:  Linux variants
                   Windows
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-5601 CVE-2016-10350 CVE-2016-10349
                   CVE-2016-10209 CVE-2016-8689 CVE-2016-8688

Reference:         ESB-2017.0623

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg22006995

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple vulnerabilities affect Watson Explorer
(CVE-2016-8688, CVE-2016-8689, CVE-2017-5601, CVE-2016-10209, CVE-2016-10350,
CVE-2016-10349)

Document information

More support for: Watson Explorer

Software version: 11.0.0, 11.0.0.1, 11.0.0.2, 11.0.0.3, 11.0.1, 11.0.2

Operating system(s): Linux, Windows

Reference #: 2006995

Modified date: 09 August 2017

Security Bulletin

Summary

Multiple libarchive vulnerabilities affect Watson Explorer.

Vulnerability Details

CVEID: CVE-2016-8688
DESCRIPTION: libarchive is vulnerable to a denial of service, caused
by an invalid read error in the detect_form or bid_entry function in
libarchive/archive_read_support_format_mtree.c. By persuading a victim
to open a specially crafted file, a remote attacker could exploit this
vulnerability to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/122105 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-8689
DESCRIPTION: libarchive is vulnerable to a denial of service,
caused by an out-of-bounds read error in the read_Header function in
archive_read_support_format_7zip.c. By persuading a victim to open a
specially crafted archive file, a remote attacker could exploit this
vulnerability to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/122106 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-5601
DESCRIPTION: libarchive is vulnerable to a denial of service, caused
by an out-of-bounds memory access error in the lha_read_file_header_1()
function. By persuading a victim to open a specially crafted archive file,
a remote attacker could exploit this vulnerability to cause the application
to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/121360 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-10209
DESCRIPTION: libarchive is vulnerable to a denial of service, caused by
a NULL pointer dereference in archive_wstring_append_from_mbs function
in archive_string.c. By persuading a victim to read a specially crafted
archive file, a remote attacker could exploit this vulnerability to cause
the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/127053 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-10350
DESCRIPTION: libarchive is vulnerable to a denial of service, caused by
a heap-based buffer over-read in the archive_read_format_cab_read_header
function in archive_read_support_format_cab. By persuading a victim to open
a specially crafted file, a remote attacker could exploit this vulnerability
to cause the application to crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/126671 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-10349
DESCRIPTION: libarchive is vulnerable to a denial of service, caused by a
flaw in the archive_le32dec function in archive_endian.h. By persuading a
victim to open a specially crafted file, a remote attacker could exploit
this vulnerability to cause a heap-based buffer over-read which leads to
an application crash.
CVSS Base Score: 6.2
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/126670 for the
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

These vulnerabilities apply to the following products and versions:

    Watson Explorer Foundational Components version 11.0.0.3 and earlier,
    version 11.0.1, version 11.0.2.

Remediation/Fixes

Follow these steps to upgrade to the required version of libarchive. The
table reflects product names at the time the specified versions
were released. To use the link to Fix Central in this table,
you must first log in to the IBM Support: Fix Central site at
http://www.ibm.com/support/fixcentral/.

Affected Product:                  IBM Watson Explorer Foundational Components
Affected Versions:                 11.0 - 11.0.0.3, 11.0.1, 11.0.2
How to acquire and apply the fix:  Upgrade to Version 11.0.2.1. See Watson
                                   Explorer Version 11.0.2.1 Foundational
                                   Components for download information and
                                   instructions.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

7 Aug 2017 : Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency
and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT
WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING
THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================