ESB-2017.3225.2 - UPDATE [Linux] IBM Security Guardium: Multiple vulnerabilities 2017-12-20

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2017.3225.2
   Security updates for IBM Security Guardium Database Activity Monitor
                             20 December 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security Guardium
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Root Compromise                 -- Remote/Unauthenticated      
                   Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                   Access Privileged Data          -- Remote/Unauthenticated      
                   Increased Privileges            -- Existing Account            
                   Denial of Service               -- Remote/Unauthenticated      
                   Cross-site Scripting            -- Existing Account            
                   Provide Misleading Information  -- Remote with User Interaction
                   Unauthorised Access             -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-1000251 CVE-2017-9050 CVE-2017-9049
                   CVE-2017-9048 CVE-2017-9047 CVE-2017-8779
                   CVE-2017-7895 CVE-2017-7546 CVE-2017-7541
                   CVE-2017-5467 CVE-2017-3137 CVE-2017-3136
                   CVE-2017-2636 CVE-2017-2628 CVE-2017-1757
                   CVE-2017-1600 CVE-2017-1598 CVE-2017-1596
                   CVE-2017-1595 CVE-2017-1270 CVE-2017-1266
                   CVE-2017-1262 CVE-2017-1261 CVE-2017-1259
                   CVE-2017-1257 CVE-2016-9311 CVE-2016-9310
                   CVE-2016-9147 CVE-2016-8635 CVE-2016-7545
                   CVE-2016-7543 CVE-2016-7433 CVE-2016-7429
                   CVE-2016-7426 CVE-2016-7117 CVE-2016-7076
                   CVE-2016-7032 CVE-2016-6313 CVE-2016-6306
                   CVE-2016-6304 CVE-2016-6302 CVE-2016-5699
                   CVE-2016-5424 CVE-2016-5408 CVE-2016-5285
                   CVE-2016-2834 CVE-2016-2182 CVE-2016-2181
                   CVE-2016-2180 CVE-2016-2179 CVE-2016-2178
                   CVE-2016-1248 CVE-2016-0787 CVE-2016-0772
                   CVE-2016-0718 CVE-2015-8779 CVE-2015-8325
                   CVE-2015-7940 CVE-2015-2575 CVE-2015-0254
                   CVE-2014-9653 CVE-2014-9620 CVE-2014-8117
                   CVE-2014-8116 CVE-2014-3710 CVE-2014-3587
                   CVE-2014-3584 CVE-2014-3538 

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg22011554
   http://www.ibm.com/support/docview.wss?uid=swg22010438
   http://www.ibm.com/support/docview.wss?uid=swg22009622
   http://www.ibm.com/support/docview.wss?uid=swg22009625
   http://www.ibm.com/support/docview.wss?uid=swg22009629
   http://www.ibm.com/support/docview.wss?uid=swg22009621
   http://www.ibm.com/support/docview.wss?uid=swg22011515
   http://www.ibm.com/support/docview.wss?uid=swg22011482
   http://www.ibm.com/support/docview.wss?uid=swg22010429
   http://www.ibm.com/support/docview.wss?uid=swg22011516
   http://www.ibm.com/support/docview.wss?uid=swg22010440
   http://www.ibm.com/support/docview.wss?uid=swg22010437
   http://www.ibm.com/support/docview.wss?uid=swg22010431
   http://www.ibm.com/support/docview.wss?uid=swg22010439
   http://www.ibm.com/support/docview.wss?uid=swg22008901

Comment: This bulletin contains fifteen (15) IBM security advisories.

Revision History:  December 20 2017: Vendor published another Guardium fix
                   December 19 2017: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected
by SQL Injection - gimservlet Vulnerability (CVE-2017-1757)

Security Bulletin

Document information

Software version: 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Operating system(s): Linux

Reference #: 2011554

Modified date: 18 December 2017

Summary

IBM Security Guardium Database Activity Monitor has addressed the following
vulnerability.

Vulnerability Details

CVEID: CVE-2017-1757
DESCRIPTION: IBM Security Identity Governance Virtual Appliance is vulnerable
to SQL injection. A remote attacker could send specially-crafted SQL
statements, which could allow the attacker to view, add, modify or delete
information in the back-end database.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/135858 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor V10.0, 10.0.1, 10.1, 10.1.2,
10.1.3

Remediation/Fixes

+--------------------------------------------------------------------------------------+
|Product         |VRMF        |Remediation/First Fix                                   |
|----------------+------------+--------------------------------------------------------|
|IBM Security    |10.0-10.1.3 |https://www-945.ibm.com/support/fixcentral/swg/         |
|Guardium        |            |selectFixes?parent=IBM%20Security&product=ibm/          |
|Database        |            |Information+Management/InfoSphere+Guardium&release=10.0&|
|Activity Monitor|            |platform=Linux&function=fixId&fixids=                   |
|                |            |SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes|
|                |            |=0&source=fc                                            |
+--------------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Change History

12/18/17: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- -------------------------------------------------------------------------------

Security Bulletin: HTTP Response Splitting vulnerability affects IBM Security
Guardium (CVE-2017-1262)

Security Bulletin

Document information

Software version: 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Operating system(s): Linux

Reference #: 2010438

Modified date: 18 December 2017

Summary

A remote attacker could exploit this vulnerability using a specially-crafted
URL to cause the server to return a split response once the URL is clicked.
This would allow the attacker to perform further attacks. IBM Security Guardium
has provided a fix for this vulnerability.

Vulnerability Details

CVEID: CVE-2017-1262
DESCRIPTION: IBM Security Guardium is vulnerable to HTTP response splitting
attacks. A remote attacker could exploit this vulnerability using a
specially-crafted URL to cause the server to return a split response once the
URL is clicked. This would allow the attacker to perform further attacks, such
as Web cache poisoning and cross-site scripting, and possibly to obtain
sensitive information.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124737 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Remediation/Fixes

+--------------------------------------------------------------------------------+
|Product    |VRMF       |Remediation/First Fix                                   |
|-----------+-----------+--------------------------------------------------------|
|IBM        |10.0-10.1.3|https://www-945.ibm.com/support/fixcentral/swg/         |
|Security   |           |selectFixes?parent=IBM%20Security&product=ibm/          |
|Guardium   |           |Information+Management/InfoSphere+Guardium&release=10.0&|
|           |           |platform=Linux&function=fixId&fixids=                   |
|           |           |SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes|
|           |           |=0&source=fc                                            |
+--------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Acknowledgement

IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

12/18/17: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- -------------------------------------------------------------------------------

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected
by Lack or Misconfiguration of Browser Security Header (CVE-2017-1600)

Security Bulletin

Document information

Software version: 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Operating system(s): Linux

Reference #: 2009622

Modified date: 18 December 2017

Summary

IBM Security Guardium Database Activity Monitor is vulnerable to cross-site
scripting. IBM Security Guardium Database Activity Monitor has fixed this
vulnerability.

Vulnerability Details

CVEID: CVE-2017-1600
DESCRIPTION: IBM Security Guardium Database Activity Monitor is vulnerable to
cross-site scripting. This vulnerability allows users to embed arbitrary
JavaScript code in the Web UI thus altering the intended functionality
potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132613 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor V10.0, 10.0.1, 10.1, 10.1.2,
10.1.3

Remediation/Fixes

+--------------------------------------------------------------------------------+
|Product    |VRMF       |Remediation/First Fix                                   |
|-----------+-----------+--------------------------------------------------------|
|IBM        |10.0-10.1.3|https://www-945.ibm.com/support/fixcentral/swg/         |
|Security   |           |selectFixes?parent=IBM%20Security&product=ibm/          |
|Guardium   |           |Information+Management/InfoSphere+Guardium&release=10.0&|
|Database   |           |platform=Linux&function=fixId&fixids=                   |
|Activity   |           |SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes|
|Monitor    |           |=0&source=fc                                            |
+--------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Change History

12/18/17: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- -------------------------------------------------------------------------------

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected
by Password Returned in HTTP Response vulnerability (CVE-2017-1596)

Security Bulletin

Document information

Software version: 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Operating system(s): Linux

Reference #: 2009625

Modified date: 18 December 2017

Summary

IBM Security Guardium Database Activity Monitor could allow a local attacker to
obtain sensitive information via unspecified vectors. IBM Security Guardium
Database Activity Monitor has fixed this vulnerability.

Vulnerability Details

CVEID: CVE-2017-1596
DESCRIPTION: IBM Security Guardium Database Activity Monitor could allow a
local attacker to obtain highly sensitive information via unspecified vectors.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132550 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor V10.0, 10.0.1, 10.1, 10.1.2,
10.1.3

Remediation/Fixes

+--------------------------------------------------------------------------------+
|Product    |VRMF       |Remediation/First Fix                                   |
|-----------+-----------+--------------------------------------------------------|
|IBM        |10.0-10.1.3|https://www-945.ibm.com/support/fixcentral/swg/         |
|Security   |           |selectFixes?parent=IBM%20Security&product=ibm/          |
|Guardium   |           |Information+Management/InfoSphere+Guardium&release=10.0&|
|Database   |           |platform=Linux&function=fixId&fixids=                   |
|Activity   |           |SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes|
|Monitor    |           |=0&source=fc                                            |
+--------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Change History

12/18/17: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- -------------------------------------------------------------------------------

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected
by Sensitive Information Leakage vulnerability (CVE-2017-1595)

Security Bulletin

Document information

Software version: 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Operating system(s): Linux

Reference #: 2009629

Modified date: 18 December 2017

Summary

IBM Security Guardium Database Activity Monitor could allow a local attacker to
obtain sensitive information via unspecified vectors. IBM Security Guardium
Database Activity Monitor has provided a fix for this vulnerability.

Vulnerability Details

CVEID: CVE-2017-1595
DESCRIPTION: IBM Security Guardium Database Activity Monitor could allow a
local attacker to obtain highly sensitive information via unspecified vectors.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132549 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor V10.0, 10.0.1, 10.1, 10.1.2,
10.1.3

Remediation/Fixes

+--------------------------------------------------------------------------------+
|Product    |VRMF       |Remediation/First Fix                                   |
|-----------+-----------+--------------------------------------------------------|
|IBM        |10.0-10.1.3|https://www-945.ibm.com/support/fixcentral/swg/         |
|Security   |           |selectFixes?parent=IBM%20Security&product=ibm/          |
|Guardium   |           |Information+Management/InfoSphere+Guardium&release=10.0&|
|Database   |           |platform=Linux&function=fixId&fixids=                   |
|Activity   |           |SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes|
|Monitor    |           |=0&source=fc                                            |
+--------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Change History

12/18/17: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- -------------------------------------------------------------------------------

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected
by Use of a Broken or Risky Cryptographic Algorithm vulnerability
(CVE-2017-1598)

Security Bulletin

Document information

Software version: 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Operating system(s): Linux

Reference #: 2009621

Modified date: 18 December 2017

Summary

IBM Security Guardium Database Activity Monitor uses weaker than expected
cryptographic algorithms that could allow an attacker to decrypt sensitive
information. IBM Security Guardium Database Activity Monitor has fixed this
vulnerability.

Vulnerability Details

CVEID: CVE-2017-1598
DESCRIPTION: IBM Security Guardium Database Activity Monitor uses weaker than
expected cryptographic algorithms that could allow an attacker to decrypt
highly sensitive information.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132611 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor V10.0, 10.0.1, 10.1, 10.1.2,
10.1.3

Remediation/Fixes

+--------------------------------------------------------------------------------+
|Product    |VRMF       |Remediation/First Fix                                   |
|-----------+-----------+--------------------------------------------------------|
|IBM        |10.0-10.1.3|https://www-945.ibm.com/support/fixcentral/swg/         |
|Security   |           |selectFixes?parent=IBM%20Security&product=ibm/          |
|Guardium   |           |Information+Management/InfoSphere+Guardium&release=10.0&|
|Database   |           |platform=Linux&function=fixId&fixids=                   |
|Activity   |           |SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes|
|Monitor    |           |=0&source=fc                                            |
+--------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Change History

12/18/17: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- -------------------------------------------------------------------------------

Security Bulletin: IBM Security Guardium is affected by Open Source libxml2
vulnerabilities

Security Bulletin

Document information

Software version: 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Operating system(s): Linux

Reference #: 2011515

Modified date: 18 December 2017

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-9050
DESCRIPTION: libxml2 is vulnerable to a heap-based buffer overflow, caused by a
buffer over-read flaw in the xmlDictAddString function in dict.c. By sending a
specially-crafted request, a local attacker could overflow a buffer and cause
the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126277 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-9049
DESCRIPTION: libxml2 is vulnerable to a heap-based buffer overflow, caused by a
buffer over-read flaw in the xmlDictComputeFastKey function in dict.c. By
sending a specially-crafted request, a local attacker could overflow a buffer
and cause the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126276 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-9048
DESCRIPTION: libxml2 is vulnerable to a stack-based buffer overflow, caused by
improper bounds checking of the strlen(buf) size in the
xmlSnprintfElementContent function in valid.c. By sending a specially-crafted
request, a local attacker could overflow a buffer and cause the application to
crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126275 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-9047
DESCRIPTION: libxml2 is vulnerable to a stack-based buffer overflow, caused by
improper bounds checking by the xmlSnprintfElementContent function in valid.c.
By sending a specially-crafted request, a local attacker could overflow a
buffer and cause the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126274 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Remediation/Fixes

+--------------------------------------------------------------------------------+
|Product    |VRMF       |Remediation/First Fix                                   |
|-----------+-----------+--------------------------------------------------------|
|IBM        |10.0-10.1.3|https://www-945.ibm.com/support/fixcentral/swg/         |
|Security   |           |selectFixes?parent=IBM%20Security&product=ibm/          |
|Guardium   |           |Information+Management/InfoSphere+Guardium&release=10.0&|
|           |           |platform=Linux&function=fixId&fixids=                   |
|           |           |SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes|
|           |           |=0&source=fc                                            |
+--------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Change History

12/18/17: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- -------------------------------------------------------------------------------

Security Bulletin: IBM Security Guardium is affected by Open Source packages
vulnerabilities

Security Bulletin

Document information

Software version: 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Operating system(s): Linux

Reference #: 2011482

Modified date: 18 December 2017

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-2628
DESCRIPTION: cURL could allow a remote attacker to bypass security
restrictions, caused by improper use of Negotiate authenticated HTTP
connections for subsequent requests. An attacker could exploit this
vulnerability to bypass access restrictions.
CVSS Base Score: 4.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125103 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2017-3137
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the
improper handling of a query response containing CNAME or DNAME resource
records in an unusual order. By sending a specially crafted DNS response, a
remote attacker could exploit this vulnerability to make named exit
unexpectedly with an assertion failure.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124517 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-3136
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the
improper handling of query requests when using DNS64 with "break-dnssec yes"
option. By sending a specially crafted DNS request, a remote attacker could
exploit this vulnerability to make named exit unexpectedly with an assertion
failure.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124516 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-5467
DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary
code on the system, caused by a memory corruption when drawing Skia content. By
persuading a victim to visit a specially-crafted Web site, a remote attacker
could exploit this vulnerability using unknown attack vectors to execute
arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125031 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-1000379
DESCRIPTION: Linux Kernel could allow a local attacker to bypass security
restrictions, caused by the occasional mapping of the contents of PIE
executable, the heap or ld.so. An attacker could exploit this vulnerability to
manipulate the stack.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127465 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2017-1000251
DESCRIPTION: Linux Kernel is vulnerable to a stack-based buffer overflow,
caused by improper bounds checking by the native Bluetooth stack. By processing
L2CAP configuration responses, a remote attacker could overflow a buffer and
execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131857 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-2636
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain
elevated privileges on the system, caused by a race condition in the n_hdlc
Linux kernel driver (drivers/tty/n_hdlc.c). By using a specially-crafted
application, an attacker could exploit this vulnerability to gain privileges on
the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122898 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-8779
DESCRIPTION: rpcbind, LIBTIRPC, and NTIRPC are vulnerable to a denial of
service, caused by improper validation of XDR strings in memory allocation. By
sending a specially-crafted UDP packet, a remote attacker could exploit this
vulnerability to cause memory consumption.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125753 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-7895
DESCRIPTION: Linux Kernel could allow a remote attacker to bypass security
restrictions, caused by improper validation at the end of buffer in NFSv2 and
NFSv3 server implementations in fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. By
sending a specially-crafted request, an attacker could exploit this
vulnerability to trigger pointer-arithmetic errors or other unspecified impact
on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125803 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2017-7546
DESCRIPTION: PostgreSQL could allow a remote attacker to bypass security
restrictions, caused by a flaw in the libpq. By setting an empty password, an
attacker could exploit this vulnerability to bypass access restrictions and log
in to the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130240 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2017-2628
DESCRIPTION: cURL could allow a remote attacker to bypass security
restrictions, caused by improper use of Negotiate authenticated HTTP
connections for subsequent requests. An attacker could exploit this
vulnerability to bypass access restrictions.
CVSS Base Score: 4.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125103 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2017-3137
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the
improper handling of a query response containing CNAME or DNAME resource
records in an unusual order. By sending a specially crafted DNS response, a
remote attacker could exploit this vulnerability to make named exit
unexpectedly with an assertion failure.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124517 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-3136
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the
improper handling of query requests when using DNS64 with "break-dnssec yes"
option. By sending a specially crafted DNS request, a remote attacker could
exploit this vulnerability to make named exit unexpectedly with an assertion
failure.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124516 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-5467
DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary
code on the system, caused by a memory corruption when drawing Skia content. By
persuading a victim to visit a specially-crafted Web site, a remote attacker
could exploit this vulnerability using unknown attack vectors to execute
arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125031 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-1000379
DESCRIPTION: Linux Kernel could allow a local attacker to bypass security
restrictions, caused by the occasional mapping of the contents of PIE
executable, the heap or ld.so. An attacker could exploit this vulnerability to
manipulate the stack.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127465 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2017-1000251
DESCRIPTION: Linux Kernel is vulnerable to a stack-based buffer overflow,
caused by improper bounds checking by the native Bluetooth stack. By processing
L2CAP configuration responses, a remote attacker could overflow a buffer and
execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131857 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-7543
DESCRIPTION: GNU Bash could allow a local attacker to execute arbitrary
commands on the system. An attacker could exploit this vulnerability using
specially crafted SHELLOPTS and PS4 variables to execute arbitrary commands on
the system with root privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121372 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-8779
DESCRIPTION: GNU C Library (glibc) is vulnerable to a stack-based buffer
overflow, caused by improper bounds checking by the catopen function. By
sending an overly long string, a remote attacker could overflow a buffer and
execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111087 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-8325
DESCRIPTION: OpenSSH could allow a local attacker to gain elevated privileges
on the system, caused by an error in the do_setup_env function when the
UseLogin feature is enabled and PAM is configured to read .pam_environment
files in user home directories. By using an LD_PRELOAD environment variable, an
attacker could exploit this vulnerability to gain elevated privileges on the
system.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114628 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-7541
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
buffer overflow in the brcmf_cfg80211_mgmt_tx function in
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. By using a
specially-crafted NL80211_CMD_FRAME Netlink packet, a local attacker could
exploit this vulnerability to cause the system to crash or possibly gain
privileges.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129314 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Remediation/Fixes

+--------------------------------------------------------------------------------+
|Product    |VRMF       |Remediation/First Fix                                   |
|-----------+-----------+--------------------------------------------------------|
|IBM        |10.0-10.1.3|https://www-945.ibm.com/support/fixcentral/swg/         |
|Security   |           |selectFixes?parent=IBM%20Security&product=ibm/          |
|Guardium   |           |Information+Management/InfoSphere+Guardium&release=10.0&|
|           |           |platform=Linux&function=fixId&fixids=                   |
|           |           |SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes|
|           |           |=0&source=fc                                            |
+--------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Change History

12/18/17: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- -------------------------------------------------------------------------------

Security Bulletin: IBM Security Guardium is affected by Password in Clear Text
vulnerability (CVE-2017-1259)

Security Bulletin

Document information

Software version: 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Operating system(s): Linux

Reference #: 2010429

Modified date: 18 December 2017

Summary

IBM Security Guardium transmits user credentials in clear text, which can be
read by an attacker. IBM Security Guardium has provided a fix for this
vulnerability.

Vulnerability Details

CVEID: CVE-2017-1259
DESCRIPTION: IBM Security Guardium transmits user credentials in clear text,
which can be read by an attacker using man in the middle techniques.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124686 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Remediation/Fixes

+--------------------------------------------------------------------------------+
|Product    |VRMF       |Remediation/First Fix                                   |
|-----------+-----------+--------------------------------------------------------|
|IBM        |10.0-10.1.3|https://www-945.ibm.com/support/fixcentral/swg/         |
|Security   |           |selectFixes?parent=IBM%20Security&product=ibm/          |
|Guardium   |           |Information+Management/InfoSphere+Guardium&release=10.0&|
|           |           |platform=Linux&function=fixId&fixids=                   |
|           |           |SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes|
|           |           |=0&source=fc                                            |
+--------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Acknowledgement

IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

12/18/17: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- -------------------------------------------------------------------------------

Security Bulletin: IBM Security Guardium is affected by an Incorrect
Permission Assignment for Critical Resource vulnerability (CVE-2017-1266)

Security Bulletin

Document information

Software version: 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Operating system(s): Linux

Reference #: 2011516

Modified date: 18 December 2017

Summary

IBM Security Guardium has addressed the following vulnerability.

Vulnerability Details

CVEID: CVE-2017-1266
DESCRIPTION: IBM Security Guardium specifies permissions for a
security-critical resource in a way that allows that resource to be read or
modified by unintended actors.
CVSS Base Score: 4.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124741 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Remediation/Fixes

+--------------------------------------------------------------------------------+
|Product    |VRMF       |Remediation/First Fix                                   |
|-----------+-----------+--------------------------------------------------------|
|IBM        |10.0-10.1.3|https://www-945.ibm.com/support/fixcentral/swg/         |
|Security   |           |selectFixes?parent=IBM%20Security&product=ibm/          |
|Guardium   |           |Information+Management/InfoSphere+Guardium&release=10.0&|
|           |           |platform=Linux&function=fixId&fixids=                   |
|           |           |SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes|
|           |           |=0&source=fc                                            |
+--------------------------------------------------------------------------------+

Acknowledgement

IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

12/18/17: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- -------------------------------------------------------------------------------

Security Bulletin: Incorrect Permission Assignment for Critical Resource
vulnerability affects IBM Security Guardium (CVE-2017-1266)

Security Bulletin

Document information

Software version: 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Operating system(s): Linux

Reference #: 2010440

Modified date: 18 December 2017

Summary

IBM Security Guardium specifies permissions for a security-critical resource in
a way that allows that resource to be read or modified by unintended actors.
IBM Security Guardium has provided a fix for this vulnerability.

Vulnerability Details

CVEID: CVE-2017-1266
DESCRIPTION: IBM Security Guardium specifies permissions for a
security-critical resource in a way that allows that resource to be read or
modified by unintended actors.
CVSS Base Score: 4.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124741 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Remediation/Fixes

+--------------------------------------------------------------------------------+
|Product    |VRMF       |Remediation/First Fix                                   |
|-----------+-----------+--------------------------------------------------------|
|IBM        |10.0-10.1.3|https://www-945.ibm.com/support/fixcentral/swg/         |
|Security   |           |selectFixes?parent=IBM%20Security&product=ibm/          |
|Guardium   |           |Information+Management/InfoSphere+Guardium&release=10.0&|
|           |           |platform=Linux&function=fixId&fixids=                   |
|           |           |SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes|
|           |           |=0&source=fc                                            |
+--------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Acknowledgement

IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

12/18/17: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- -------------------------------------------------------------------------------

Security Bulletin: Information Exposure Through Log Files vulnerability affects
IBM Security Guardium (CVE-2017-1261)

Security Bulletin

Document information

Software version: 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Operating system(s): Linux

Reference #: 2010437

Modified date: 18 December 2017

Summary

IBM Security Guardium stores potentially sensitive information in log files
that could be read by a local user. IBM Security Guardium has provided a fix
for this vulnerability.

Vulnerability Details

CVEID: CVE-2017-1261
DESCRIPTION: IBM Security Guardium stores potentially sensitive information in
log files that could be read by a local user.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124736 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Remediation/Fixes

+------------------------------------------------------------------------------+
|Product    |VRMF     |Remediation/First Fix                                   |
|-----------+---------+--------------------------------------------------------|
|IBM        |10-10.1.3|https://www-945.ibm.com/support/fixcentral/swg/         |
|Security   |         |selectFixes?parent=IBM%20Security&product=ibm/          |
|Guardium   |         |Information+Management/InfoSphere+Guardium&release=10.0&|
|           |         |platform=Linux&function=fixId&fixids=                   |
|           |         |SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes|
|           |         |=0&source=fc                                            |
+------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Acknowledgement

IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

12/18/17: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- -------------------------------------------------------------------------------

Security Bulletin: Information Exposure vulnerability affects IBM Security
Guardium (CVE-2017-1257)

Security Bulletin

Document information

Software version: 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Operating system(s): Linux

Reference #: 2010431

Modified date: 18 December 2017

Summary

IBM Security Guardium discloses sensitive information to unauthorized users.
IBM Security Guardium has provided a fix for this vulnerability.

Vulnerability Details

CVEID: CVE-2017-1257
DESCRIPTION: IBM Security Guardium discloses sensitive information to
unauthorized users. The information can be used to mount further attacks on the
system.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124684 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Remediation/Fixes

+-----------------------------------------------------------------------------------------------------------+
|Product    |VRMF     |Remediation/First Fix                                                                |
|-----------+---------+-------------------------------------------------------------------------------------|
|IBM        |10-10.1.3|https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=                   |
|Security   |         |IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=       |
|Guardium   |         |10.0&platform=Linux&function=fixId&fixids=                                           |
|           |         |SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes=0&source=fc                 |
+-----------------------------------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Change History

12/18/17: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- -------------------------------------------------------------------------------

Security Bulletin: Session Identifier Not Updated vulnerability affects IBM
Security Guardium (CVE-2017-1270)

Security Bulletin

Document information

Software version: 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Operating system(s): Linux

Reference #: 2010439

Modified date: 18 December 2017

Summary

IBM Security Guardium does not renew a session variable after a successful
authentication, which could lead to a session fixation/hijacking
vulnerability. IBM Security Guardium has fixed this vulnerability.

Vulnerability Details

CVEID: CVE-2017-1270
DESCRIPTION: IBM Security Guardium does not renew a session variable after a
successful authentication, which could lead to a session fixation/hijacking
vulnerability. This could force a user to utilize a cookie that may be known
to an attacker.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124745 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Remediation/Fixes

+-------------------------------------------------------------------------------+
|Product   |VRMF       |Remediation/First Fix                                   |
|----------+-----------+--------------------------------------------------------|
|IBM       |10.0-10.1.3|https://www-945.ibm.com/support/fixcentral/swg/         |
|Security  |           |selectFixes?parent=IBM%20Security&product=ibm/          |
|Guardium  |           |Information+Management/InfoSphere+Guardium&release=10.0&|
|          |           |platform=Linux&function=fixId&fixids=                   |
|          |           |SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes|
|          |           |=0&source=fc                                            |
+-------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Acknowledgement

IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

12/18/17: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- --------------------------------------------------------------------------------

Security Bulletin: IBM Security Guardium is affected by Using Components with
Known Vulnerabilities

Security Bulletin

Document information

Software version: 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Operating system(s): Linux

Reference #: 2008901

Modified date: 19 December 2017

Summary

IBM Security Guardium is affected by Using Components with Known
Vulnerabilities. IBM Security Guardium has fixed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2014-3584
DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the
processing of SAML tokens received in the authorization header of a request by
the Apache CXF JAX-RS service. By passing malicious values using the
SamlHeaderInHandler, an attacker could exploit this vulnerability to cause the
application to enter into an infinite loop.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97753 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-3538
DESCRIPTION: Fine Free file is vulnerable to a denial of service, caused by the
failure to properly restrict the amount of data read during a regex search. A
remote attacker could exploit this vulnerability using a specially-crafted file
to consume all available CPU resources.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94324 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2016-9311
DESCRIPTION: NTP is vulnerable to a denial of service, caused by a NULL pointer
dereference when trap service has been enabled. By sending specially crafted
packets, a remote attacker could exploit this vulnerability to cause the
application to crash.
CVSS Base Score: 4.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119086 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-9310
DESCRIPTION: NTP is vulnerable to a denial of service, caused by an error in
the control mode (mode 6) functionality. By sending specially crafted control
mode packets, a remote attacker could exploit this vulnerability to obtain
sensitive information and cause the application to crash.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
119087 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID: CVE-2016-9147
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the
improper handling of responses containing DNSSEC-related RRsets that are
inconsistent with other RRsets in the same query response. By sending a
malformed response, a remote attacker could exploit this vulnerability to
trigger an assertion failure.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
120473 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-8635
DESCRIPTION: Mozilla Network Security Services (NSS), as used in Mozilla
Firefox, could allow a remote attacker to obtain sensitive information, caused
by a small subgroup confinement attack in Diffie-Hellman client key exchange
handling. By confining the client DH key to a small subgroup of the desired
group, a remote attacker could exploit this vulnerability to recover private
keys.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
119190 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-7545
DESCRIPTION: Policycoreutils could allow a remote attacker to execute arbitrary
commands on the system, caused by a TIOCSTI ioctl attack in the provided
sandbox tool. By persuading a victim to run a specially-crafted program, an
attacker could exploit this vulnerability to execute arbitrary commands on the
system.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
119020 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)

CVEID: CVE-2016-7433
DESCRIPTION: NTP is vulnerable to a denial of service, caused by the inclusion
of the root delay allowing for an incorrect root distance calculation. An
attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 1.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
119095 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-7429
DESCRIPTION: NTP is vulnerable to a denial of service, caused by an attack on
interface selection. By sending specially crafted packets with a spoofed source
address, a physical attacker could exploit this vulnerability to cause a denial
of service.
CVSS Base Score: 1.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
119093 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-7426
DESCRIPTION: NTP is vulnerable to a denial of service, caused by the improper
handling of invalid server responses. By sending specially crafted packets with
a spoofed source address, a remote attacker could exploit this vulnerability to
cause a denial of service.
CVSS Base Score: 1.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
119094 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-7117
DESCRIPTION: Linux Kernel could allow a remote attacker to execute arbitrary
code on the system, caused by a use-after-free in __sys_recvmmsg function in
net/socket.c. An attacker could exploit this vulnerability to execute arbitrary
code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
117765 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-7076
DESCRIPTION: Sudo could allow a local authenticated attacker to execute
arbitrary commands on the system, caused by the bypass of the sudo noexec
restriction. By running, via sudo, an application that executes the wordexp() C
library function with a user-supplied argument, an attacker could exploit this
vulnerability to execute arbitrary commands with elevated privileges.
CVSS Base Score: 6.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
119502 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-7032
DESCRIPTION: Sudo could allow a local authenticated attacker to execute
arbitrary commands on the system, caused by the bypass of the sudo noexec
restriction. By running, via sudo, an application that executes the system() or
popen() C library functions with a user-supplied argument, an attacker could
exploit this vulnerability to execute arbitrary commands with elevated privileges.
CVSS Base Score: 6.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
119500 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-6313
DESCRIPTION: GnuPG could provide weaker than expected security, caused by an
error in the mixing functions when obtaining 4640 bits from the random number
generator. A local attacker could exploit this vulnerability to predict the
next 160 bits of output.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
116169 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-6306
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by missing
message length checks when parsing certificates. A remote authenticated
attacker could exploit this vulnerability to trigger an out-of-bounds read and
cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
117112 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-6304
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by multiple
memory leaks in t1_lib.c during session renegotiation. By sending an overly
large OCSP Status Request extension, a remote attacker could exploit this
vulnerability to consume all available memory resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
117110 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-6302
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the
failure to consider the HMAC size during validation of the ticket length by the
tls_decrypt_ticket function. A remote attacker could exploit this vulnerability
using a ticket that is too short to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
117024 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-5699
DESCRIPTION: urllib2 and urllib for Python are vulnerable to HTTP header
injection, caused by improper validation of input. By persuading a victim to
visit a specially-crafted Web page, a remote attacker could exploit this
vulnerability to inject arbitrary HTTP headers, which will allow the attacker
to conduct various attacks against the vulnerable system, including cross-site
scripting, cache poisoning or session hijacking.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
114200 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2016-5424
DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to gain
elevated privileges on the system, caused by the improper handling of database
and role names containing newlines, carriage returns, double quotes, or
backslashes. By running certain maintenance programs, an attacker could grant
the user superuser privileges.
CVSS Base Score: 8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
116075 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-5408
DESCRIPTION: SQUID is vulnerable to a stack-based buffer overflow, caused by
improper bounds checking by the munge_other_line function in the cachemgr.cgi.
By sending specially crafted data, a remote attacker could overflow a buffer
and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
116203 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-5285
DESCRIPTION: Mozilla Network Security Services (NSS), as used in Mozilla
Firefox, is vulnerable to a denial of service, caused by a NULL pointer
dereference in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime when
handling invalid Diffie-Hellman keys. A remote attacker could exploit this
vulnerability to crash a TLS/SSL server.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
119189 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-2834
DESCRIPTION: Mozilla Network Security Services (NSS), as used in Mozilla
Firefox, could allow a remote attacker to execute arbitrary code on the system,
caused by memory safety bugs within the browser engine. By persuading a victim
to visit a specially-crafted Web site, a remote attacker could exploit this
vulnerability using unknown attack vectors to execute arbitrary code on the
vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
113870 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-2182
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an
out-of-bounds write in the TS_OBJ_print_bio function in crypto/bn/bn_print.c. A
remote attacker could exploit this vulnerability using a specially crafted
value to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
116342 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-2181
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error
in the DTLS replay protection implementation. By sending a specially crafted
sequence number, a remote attacker could exploit this vulnerability to cause
valid packets to be dropped.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
116344 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-2180
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an
out-of-bounds read in the TS_OBJ_print_bio function. A remote attacker could
exploit this vulnerability using a specially crafted time-stamp file to cause
the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
115829 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-2179
DESCRIPTION: OpenSSL is vulnerable to a denial of service. By sending specially
crafted DTLS record fragments to fill up buffer queues, a remote attacker could
exploit this vulnerability to open a large number of simultaneous connections
and consume all available memory resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
116343 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-2178
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by an error in the DSA implementation that allows the
following of a non-constant time codepath for certain operations. An attacker
could exploit this vulnerability using a cache-timing attack to recover the
private DSA key.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
113889 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-1248
DESCRIPTION: Vim could allow a local attacker to execute arbitrary code on the
system, caused by the improper validation of the 'filetype', 'syntax' and
'keymap' options. By using a specially-crafted file with a malicious
modeline, an attacker could exploit this vulnerability to execute arbitrary
code on the system.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
119191 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-0787
DESCRIPTION: libssh2 could provide weaker than expected security, caused by a
type confusion error during the SSHv2 handshake resulting in the generation of
a reduced amount of random bits for Diffie-Hellman. An attacker could exploit
this vulnerability using the truncated Diffie-Hellman secret to launch further
attacks on the system.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
111562 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2016-0772
DESCRIPTION: Python's smtplib library is vulnerable to a stripping attack. An
exception isn't returned by Python's smtplib library if StartTLS fails to
establish correctly in the SMTP.starttls() function. An attacker with
man-in-the-middle ability could exploit this vulnerability to strip out the
STARTTLS command without generating an exception on the Python SMTP client
application and prevent the establishment of the TLS layer.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
114287 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2016-0718
DESCRIPTION: Expat is vulnerable to a buffer overflow, caused by improper
bounds checking when processing malformed XML data. By using the Expat library,
a remote attacker could overflow a buffer and execute arbitrary code on the
system with the privileges of the victim or cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
113408 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-7940
DESCRIPTION: Bouncy Castle could allow a remote attacker to obtain sensitive
information. An attacker could exploit this vulnerability using an invalid
curve attack to extract private keys used in elliptic curve cryptography and
obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
107739 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2015-2575
DESCRIPTION: An unspecified vulnerability in Oracle MySQL Connectors related to
the Connector/J component has partial confidentiality impact, partial integrity
impact, and no availability impact.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
102348 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N)

CVEID: CVE-2015-0254
DESCRIPTION: Apache Standard Taglibs could allow a remote attacker to execute
arbitrary code on the system, caused by an XML External Entity Injection (XXE)
error when processing XML data. By sending specially-crafted XML data, an
attacker could exploit this vulnerability to execute arbitrary code on the
system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
101550 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2014-9653
DESCRIPTION: file could allow a remote attacker to execute arbitrary code on
the system, caused by an out-of-bounds read in readelf.c. By persuading a
victim to open a specially-crafted elf file, an attacker could exploit this
vulnerability to execute arbitrary code on the system or cause a denial of
service.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
100749 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2014-9620
DESCRIPTION: File is vulnerable to a denial of service, caused by an error in
the ELF parser. A remote attacker could exploit this vulnerability using an
overly long string to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
100258 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-8117
DESCRIPTION: file(1) is vulnerable to a denial of service, caused by an error
in the softmagic.c file. A remote attacker could exploit this vulnerability to
cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
99419 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-8116
DESCRIPTION: file(1) is vulnerable to a denial of service, caused by an error
in the readelf.c file. A remote attacker could exploit this vulnerability to
cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
99418 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-3710
DESCRIPTION: PHP is vulnerable to a denial of service, caused by an
out-of-bounds read in the donote() function. By persuading a victim to open a
specially-crafted elf file, a remote attacker could exploit this vulnerability
to cause the executable to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
98385 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-3587
DESCRIPTION: PHP is vulnerable to a denial of service, caused by an incomplete
fix related to the cdf_read_property_info() function. A remote attacker could
exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
95408 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

IBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3

Remediation/Fixes

+--------------------------------------------------------------------------------+
|Product    |VRMF       |Remediation/First Fix                                   |
|-----------+-----------+--------------------------------------------------------|
|IBM        |10.0-10.1.3|www.ibm.com/support/fixcentral/swg/quickorder?parent=   |
|Security   |           |IBM%20Security&product=ibm/Information+Management/      |
|Guardium   |           |InfoSphere+Guardium&release=10.0&platform=Linux&function|
|           |           |=fixId&fixids=SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&   |
|           |           |includeSupersedes=0&source=fc                           |
+--------------------------------------------------------------------------------+

Workarounds and Mitigations

None

Change History

12/19/17: Original Version Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----