ESB-2017.3204 - [Win][UNIX/Linux] IBM Rational Systems Tester: Multiple vulnerabilities 2017-12-15


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.3204
              Libxml2 patched in IBM Rational Systems Tester
                             15 December 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Rational Systems Tester
Publisher:         IBM
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service        -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-8872 CVE-2017-7375 CVE-2017-5969
                   CVE-2016-9318

Reference:         ESB-2017.2122

Original Bulletin:
   http://www.ibm.com/support/docview.wss?uid=swg21993821

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Rational Systems Tester is affected by Libxml2
vulnerabilities CVE-2016-9318, CVE-2017-5969, CVE-2017-7375 and CVE-2017-8872

Document information

Software version: 3.3, 3.3.0.1, 3.3.0.2, 3.3.0.3, 3.3.0.4, 3.3.0.5, 3.3.0.6

Operating system(s): Linux, Windows

Reference #: 1993821

Modified date: 14 December 2017

Security Bulletin

Summary

A new Libxml2 vulnerability was disclosed by the Libxml2 Project. Libxml2 is
used by Rational Systems Tester. Rational Systems Tester has addressed the
applicable CVE.

Vulnerability Details

CVEID: CVE-2016-9318
DESCRIPTION: libxml2 could allow a remote attacker to obtain sensitive
information, caused by failure to offer a flag directly indicating the status
of the current document. By using a specially-crafted document to conduct an
XML external entity (XXE) attack, an attacker could exploit this vulnerability
to obtain sensitive information.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
119018 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-7375
DESCRIPTION: libxml2 could allow a remote attacker to obtain sensitive
information, caused by missing validation for external entities in
xmlParsePEReference. By sending specially-crafted XML data, an attacker could
exploit this vulnerability to obtain sensitive information or cause a denial of
service.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
128275 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L)
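
The two issues above share a root cause from the application's side: libxml2 gave
the caller no direct way to know whether a document tries to reach outside itself
(CVE-2016-9318), and an unvalidated parameter-entity reference could do so on its
own (CVE-2017-7375). The check below is an added example, not code from IBM,
AusCERT or the libxml2 project. It uses only Python's bundled expat binding to
inspect the DTD of untrusted XML and refuse, before the document ever reaches a
libxml2-based parser, anything that declares an external DTD subset, an external
entity or a parameter entity. The handler and constant names are expat's own; the
function names, the UnsafeXML class and all sample documents are constructed for
this example.

```python
"""Pre-parse gate that rejects XML declaring external or parameter entities.

Added example (not from the bulletin). The gate runs on Python's bundled
expat and is meant to sit in front of whatever libxml2-based parser the
application actually uses, since libxml2 itself offered no direct flag
telling the caller that a document tries to open other files.
"""
import xml.parsers.expat as expat


class UnsafeXML(ValueError):
    """Raised when the DTD declares something an XXE attack depends on."""


def _start_doctype(name, system_id, public_id, has_internal_subset):
    # A SYSTEM/PUBLIC identifier on the DOCTYPE itself points at an external
    # DTD subset, which a resolving parser would fetch from disk or network.
    if system_id is not None or public_id is not None:
        raise UnsafeXML(f"DOCTYPE {name!r} references an external DTD subset")


def _entity_decl(name, is_parameter, value, base, system_id, public_id, notation):
    # External general entities are the classic XXE vector; parameter entities
    # are the path handled by xmlParsePEReference (CVE-2017-7375). Neither has
    # a place in data received from an untrusted source.
    if system_id is not None or public_id is not None:
        raise UnsafeXML(f"entity {name!r} is external")
    if is_parameter:
        raise UnsafeXML(f"parameter entity {name!r} declared")


def check_xml(data: bytes) -> bool:
    """Return True if `data` declares no external or parameter entities.

    Raises UnsafeXML for documents that must not reach a resolving parser and
    expat.ExpatError for documents that are not well-formed XML.
    """
    parser = expat.ParserCreate()
    # The gate must never perform the fetch it exists to prevent, so parameter
    # entity parsing (and with it external DTD loading) is switched off.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartDoctypeDeclHandler = _start_doctype
    parser.EntityDeclHandler = _entity_decl
    parser.Parse(data, True)
    return True


def classify(data: bytes) -> str:
    """Label a document 'ok', 'unsafe' or 'malformed' for logging and tests."""
    try:
        check_xml(data)
        return "ok"
    except UnsafeXML:
        return "unsafe"
    except expat.ExpatError:
        return "malformed"


# Constructed sample inputs; the paths and hosts are placeholders, not real.
BENIGN = b"""<?xml version="1.0"?>
<!DOCTYPE note [ <!ENTITY greet "hello"> ]>
<note>&greet; world</note>"""

EXTERNAL_ENTITY = b"""<?xml version="1.0"?>
<!DOCTYPE note [ <!ENTITY ext SYSTEM "file:///tmp/constructed-secret.txt"> ]>
<note>&ext;</note>"""

PARAMETER_ENTITY = b"""<?xml version="1.0"?>
<!DOCTYPE note [ <!ENTITY % pe SYSTEM "http://dtd.example.invalid/x.dtd"> %pe; ]>
<note/>"""

EXTERNAL_DTD = b"""<?xml version="1.0"?>
<!DOCTYPE note SYSTEM "http://dtd.example.invalid/note.dtd">
<note/>"""

if __name__ == "__main__":
    samples = [("benign", BENIGN), ("external entity", EXTERNAL_ENTITY),
               ("parameter entity", PARAMETER_ENTITY), ("external DTD", EXTERNAL_DTD)]
    for label, doc in samples:
        print(f"{label:17s}: {classify(doc)}")
```

Only the benign document, whose sole entity is an internal one, is reported as
"ok"; the other three are rejected at the declaration, before any entity
reference is reached. Applications that call libxml2 through lxml can add the
same posture at the parser itself with XMLParser(resolve_entities=False,
no_network=True), and, given CVE-2017-5969 below, should not parse untrusted
input with XML_PARSE_RECOVER (recover mode) enabled.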

CVEID: CVE-2017-5969
DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by a NULL
pointer dereference in the xmlSaveDoc functionality when used in recover mode.
By persuading a victim to open a specially crafted XML document, an attacker
could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
128274 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-8872
DESCRIPTION: libxml2 is vulnerable to a buffer overflow, caused by a buffer
over-read flaw in the htmlParseTryOrFinish function in HTMLparser.c. By
sending a specially-crafted request, a local attacker could overflow a buffer
and cause a denial of service condition or obtain sensitive information on the
system.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
125890 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Rational Systems Tester 3.3, 3.3.0.1, 3.3.0.2, 3.3.0.3, 3.3.0.4, 3.3.0.5,
3.3.0.6, 3.3.0.7, 3.3.0.7 Interim Fix 1, 3.3.0.7 Interim Fix 2, 3.3.0.7 Interim
Fix 3, 3.3.0.7 Interim Fix 4, 3.3.0.7 Interim Fix 5

Remediation/Fixes

Upgrade to Rational Systems Tester Interim Fix 6 for 3.3.0.7

Workarounds and Mitigations

None

Change History

07 December 2017: original document published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWjMrMox+lLeg9Ub1AQh7hw/9FUNIW0lr+Z3/quDI4Fh0tiNIC54eUalZ
tlFHCwbby/ngA7WqqGUc7HZKu5Q9DZXHMo9JhezjGpvWf0Iv1VtOJhq+NuGgPVvp
HjFHTjs9cLYFzN242TgpyhxGZKN1r8xTO4qRedX6nccq4KI4U0sPGvb+e9X4Q9Aj
g1NVGIfOUPPZKfSUNlZlIt2MGP66vH/v3UQmLZuZk0/r2aAzz/ImJnir4IsfTp4d
s60NGf2SXZrSLJ83s4eOZdkLfArb1XH2PHsJS0I3iAPLd/a3GzxFqbJweyn541lm
2GoQ5/MZ+gAU3FIGIorbsxnJz4kfz6CoMdahgm9X3z2JsezOSOKOVyqQZk/Q0iff
oMEKploTizjSe93k++LD5LWqI3NG8p0uPaKDveOkwJ2ByATNC4oxxRTa24R2KaYn
FMkPJjDqUkJ7g7pYtXbUOYINJPC1akvx4HdLqoYdTAbNf7lxRGk2BpCJGJHphwnI
tMiTSiY/uPMRGzU4ZKFOw7WOVjImaSR4AplodBqfduUmpXkvRKG5YQCp4gTaucEl
k3QI2dLuJ4Wz4S5+eyAh5iGynoo+dMcT+RmTO+oQL1ZvYk4IdlyJWnjmhDZI4hYk
n6LcbYtXNX/Tur3tdQeC7pYNnM2DJWxB4/ffbBi0TJ2HrMepQ/Uj3WyGn5v2tEOF
ho/nEkakfW8=
=14oL
-----END PGP SIGNATURE-----
