ESB-2018.0001 - [Win][UNIX/Linux] IBM Netezza Host Management: Multiple vulnerabilities 2018-01-02

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0001
       Multiple vulnerabilities have been identified in IBM Netezza
                              Host Management
                              2 January 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Netezza Host Management
Publisher:         IBM
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Privileged Data          -- Remote/Unauthenticated
                   Modify Arbitrary Files          -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-15275 CVE-2017-14746 CVE-2017-12163
                   CVE-2017-12151 CVE-2017-12150 CVE-2017-3736
                   CVE-2017-3735  

Reference:         ASB-2017.0218
                   ASB-2017.0209
                   ESB-2017.2872
                   ESB-2017.2838
                   ESB-2017.2822

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg22011039
   http://www.ibm.com/support/docview.wss?uid=swg22009491

Comment: This bulletin contains two (2) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple vulnerabilities in Open Source OpenSSL affect IBM
Netezza Host Management

Document information

More support for: PureData System for Analytics
Host

Software version: 1.0.0

Operating system(s): Platform Independent

Software edition: All Editions

Reference #: 2011039

Modified date: 21 December 2017

Security Bulletin

Summary

Open Source OpenSSL is used by IBM Netezza Host Management. IBM Netezza Host
Management has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2017-3735
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by an error while parsing an IPAdressFamily extension in an
X.509 certificate. An attacker could exploit this vulnerability to trigger an
out-of-bounds read, resulting in an incorrect text display of the certificate.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
131047 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-3736
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by a carry propagation flaw in the the x86_64 Montgomery
squaring function bn_sqrx8x_internal(). An attacker with online access to an
unpatched system could exploit this vulnerability to obtain information about
the private key.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
134397 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Netezza Host Management 5.4.2.1 - 5.4.15.0

Remediation/Fixes

To resolve the reported CVE for Red Hat Enterprise Linux (RHEL) on PureData
System for following platforms :

PureData System for Analytics N3001
PureData System for Analytics N200x
PureData System for Analytics N1001
IBM Netezza High Capacity Appliance C1000
IBM Netezza 1000
IBM Netezza 100, update to the following IBM Netezza Host Management release:

+----------------------------------------+----------+-----------------------------------------------------+
|Product                                 |VRMF      |Remediation/First Fix                                |
+----------------------------------------+----------+-----------------------------------------------------+
|IBM Netezza Host Management             |5.4.16.0  |Link to Fix Central                                  |
+----------------------------------------+----------+-----------------------------------------------------+

The Netezza Host Management software contains the latest RHEL updates for the
operating systems certified for use on IBM Netezza/PureData System for
Analytics appliances. IBM recommends upgrading to the latest Netezza Host
Management version to ensure that your hosts have the latest fixes, security
changes, and operating system updates. IBM Support can assist you with planning
for the Netezza Host Management and operating system upgrades to your
appliances.

For more details on IBM Netezza Host Management security patching:

  o Red Hat Enterprise Linux (RHEL) Security Patching for IBM PureData System
    for Analytics appliances

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

21 December 2017: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- -------------------------------------------------------------------------------

Security Bulletin: Multiple vulnerabilities in Open Source Samba affect IBM
Netezza Host Management

Document information

More support for: PureData System for Analytics
Host

Software version: 1.0.0

Operating system(s): Platform Independent

Software edition: All Editions

Reference #: 2009491

Modified date: 21 December 2017

Security Bulletin

Summary

Open Source Samba is used by IBM Netezza Host Mangement. IBM Netezza Host
Management has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2017-12163
DESCRIPTION: Samba could allow a remote authenticated attacker to obtain
sensitive information, caused by a memory leak over SMB1. By sending specially
crafted SMB1 data, an attacker could exploit this vulnerability to cause
portions of server memory contents to be written to a file and obtain sensitive
information.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
132351 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-12151
DESCRIPTION: Samba could provide weaker than expected security, caused by the
failure to properly sign and encrypt DFS redirects when the max protocol for
the original connection is set as 'SMB3'. An attacker could exploit this
vulnerability using man-in-the-middle techniques to read and alter confidential
documents.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
132350 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2017-12150
DESCRIPTION: Samba could allow a remote attacker to obtain sensitive
information, caused by the failure to require SMB signing in SMB1/2/3
connections. An attacker could exploit this vulnerability using
man-in-the-middle techniques to hijack client connections and obtain sensitive
information.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
132349 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-14746
DESCRIPTION: Samba could allow a remote attacker to execute arbitrary code on
the system, caused by a use-after-free memory error. By sending a specially
crafted SMB1 request, an attacker could exploit this vulnerability to execute
arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
135222 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-15275
DESCRIPTION: Samba could allow a remote attacker to obtain sensitive
information, caused by a heap memory information leak. By sending a specially
crafted request, an attacker could exploit this vulnerability to obtain
password hashes or other high-value data.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
135221 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Netezza Host Management 5.4.5.0 - 5.4.15.0

Remediation/Fixes

To resolve the reported CVE CVE-2017-12163, CVE-2017-12150, CVE-2017-14746 and
CVE-2017-15275 for Red Hat Enterprise Linux (RHEL) on PureData System for
Analytics N200x and N3001 platforms only, update to the following IBM Netezza
Host Management release:

+----------------------------------------+----------+-----------------------------------------------------+
|Product                                 |VRMF      |Remediation/First Fix                                |
+----------------------------------------+----------+-----------------------------------------------------+
|IBM Netezza Host Management             |5.4.16.0  |Link to Fix Central                                  |
+----------------------------------------+----------+-----------------------------------------------------+

The Netezza Host Management software contains the latest RHEL updates for the
operating systems certified for use on IBM Netezza/PureData System for
Analytics appliances. IBM recommends upgrading to the latest Netezza Host
Management version to ensure that your hosts have the latest fixes, security
changes, and operating system updates. IBM Support can assist you with planning
for the Netezza Host Management and operating system upgrades to your
appliances.

For more details on IBM Netezza Host Management security patching:

  o Red Hat Enterprise Linux (RHEL) Security Patching for IBM PureData System
    for Analytics appliances

Workarounds and Mitigations

Mitigation of the reported CVE CVE-2017-12163 and CVE-2017-12150 applies to the
following platforms only:
PureData System for Analytics N1001
IBM Netezza High Capacity Appliance C1000
IBM Netezza 1000
IBM Netezza 100

Execute below steps using "root" user on both ha1/ha2 hosts

Step 1. Check if Samba module is installed in the host
[host]# rpm -qa | grep samba

Step 2. Check if Samba service is running
[host]# /etc/init.d/smb status

Step 3. If Samba service is running, stop the smb service
[host]# /etc/init.d/smb stop

Step 4. Backup the /etc/samba/smb.conf file
[host]# cp /etc/samba/smb.conf /etc/samba/smb.conf_backup

Step 5. Edit the /etc/samba/smb.conf and set following parameter as below:

client signing = required

Also add following parameter in global settings as below:

#============ Global Settings ==========

[global]
server min protocol = SMB2_02

Step 6. Start the smb services using below command:
[host]# /etc/init.d/smb start

Note : If samba configuration file smb.conf is changed/modified in future,
please verify if above settings is changed. If changed please make sure to
mitigate this issue by following steps 2 to 6.

Mitigation of the reported CVE CVE-2017-12151 on PureData System for Analytics
N200x and N3001 platforms only :

Execute below steps using "root" user on both ha1/ha2 hosts

Step 1. Check if Samba module is installed in the host
[host]# rpm -qa | grep samba

Step 2. Check if Samba service is running
[host]# /etc/init.d/smb status

Step 3. If Samba service is running, stop the smb service
[host]# /etc/init.d/smb stop

Step 4. Backup the /etc/samba/smb.conf file
[host]# cp /etc/samba/smb.conf /etc/samba/smb.conf_backup

Step 5. Edit the /etc/samba/smb.conf and set following parameters as below:

client max protocol = NT1

Step 6. Start the smb services using below command:
[host]# /etc/init.d/smb start

Note : If samba configuration file smb.conf is changed/modified in future,
please verify if above settings is changed. If changed please make sure to
mitigate this issue by following steps 2 to 6.

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3


Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog


Change History

21 December 2017: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWkq7Jox+lLeg9Ub1AQiTrw/9EvdUNLdfi1Z20QBsimTNQKT+PGeVs0Bk
uLOAwKIEgRubFSfhHRwdeVjhL8nY0mWiS+1vStgLCT4RbfzgWF6w2sAXliKZmX1h
N/cTu4yWhP6v/6WFgxmW2nYu5cH8q3+R8UV8GEsNWt5OZbYGdS4A3Vg0zhyMQnoo
uxIrPGI7/PYzPcwyZB8y2v++G06DE99YqJjim5+9IvUwzuZp95a/rxVaOCcL5adS
fjxxUbBjHKHFpZ3hjgUSHT9qpK7EFUiTCC7s/I0+echiAkaAmGTF5ocbV2o/WLF8
cwUdNuavc4Jc1cqb6v9kUD0AZPz8gcjHXsPFaIgqfdxdyEIY+8iK6zOpoZL32KM/
/4EXAb0dUvoOzV6zynom/rCDi7A8C2J+DP7cuuHFgyIKdAZQcUTV/Fim+2+ApY+0
alK0GFHCzIH0LhiwdYyV5lq3Xru2/O8W8lrPmdQMgx8dfAYstaD4Tjmb2YyA5aU6
/6CbvooRAioMNQbN4zTa0U90L4cHumQM+KXvJtaNwQU+yZNPPNp+A1zhSpjdZn1x
kniaDWrJAx2c3ykAs3RI/kALhU+YyOa5NwQuvvoPTMVIFXv8eCXr6s5n81pNVl5l
EPsoDNh9W6neVPInAh0g9z3r+tL2/0k0aSjI4HMsHXHVUF/4gRl5SgbC4inL2qsL
Bd3mbdJzzgY=
=QSLl
-----END PGP SIGNATURE-----

« Back to bulletins