ESB-2018.1628 - [Appliance] IBM Network Security Protection: Multiple vulnerabilities 2018-05-31

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1628
             GSKit patched in IBM Network Security Protection
                                31 May 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Network Security Protection
Publisher:         IBM
Operating System:  Network Appliance
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
                   Denial of Service      -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-1447 CVE-2018-1428 CVE-2018-1427
                   CVE-2018-1426 CVE-2017-3736 CVE-2017-3732
                   CVE-2016-0705  

Reference:         ASB-2018.0093
                   ESB-2018.1331
                   ESB-2018.1196
                   ESB-2018.0660.4
                   ESB-2016.0543.2

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg22016549

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM Security Network Protection is affected by multiple vulnerabilities

Summary

Multiple security vulnerabilities (CVE-2018-1426, CVE-2018-1427, CVE-2018-1428,
CVE-2017-3736, CVE-2017-3732, CVE-2016-0705, and CVE-2018-1447) have been
discovered in GSKit used with IBM Security Network Protection.

Vulnerability Details

CVEID: CVE-2016-0705
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a
double-free error when parsing DSA private keys. An attacker could exploit this
vulnerability to corrupt memory and cause a denial of service.
CVSS Base Score: 3.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/111140 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-3732
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by a carry propagating bug in the x86_64 Montgomery
squaring procedure. An attacker could exploit this vulnerability to obtain
information about the private key.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/121313 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-3736
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by a carry propagation flaw in the x86_64 Montgomery
squaring function bn_sqrx8x_internal(). An attacker with online access to an
unpatched system could exploit this vulnerability to obtain information about
the private key.
CVSS Base Score: 5.9
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/134397 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2018-1428
DESCRIPTION: IBM GSKit uses weaker than expected cryptographic algorithms that
could allow an attacker to decrypt highly sensitive information.
CVSS Base Score: 6.2
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/139073 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2018-1427
DESCRIPTION: IBM GSKit contains several enviornment variables that a local
attacker could overflow and cause a denial of service.
CVSS Base Score: 6.2
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/139072 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-1426
DESCRIPTION: IBM GSKit duplicates the PRNG state across fork() system calls
when multiple ICC instances are loaded which could result in duplicate Session
IDs and a risk of duplicate key material.
CVSS Base Score: 7.4
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/139071 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2018-1447
DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function resulting
in weaker than expected protection of passwords. A weak password may be
recovered. Note: After update the customer should change password to ensure the
new password is stored more securely. Products should encourage customers to
take this step as a high priority action.
CVSS Base Score: 5.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/139972 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions
IBM Security Network Protection 5.3.1
IBM Security Network Protection 5.3.3

Remediation/Fixes
IBM Security Network Protection	Firmware version 5.3.1	Download the fix from
IBM Fix Central and install it via IBM Security Network Protection Local
Management Interface.
5.3.1.16-XGS-All-Models-Hotfix-IF0001
IBM Security Network Protection	Firmware version 5.3.3	Download the fix from
IBM Fix Central and install it via IBM Security Network Protection Local
Management Interface.
5.3.3.6-XGS-All-Models-Hotfix-IF0001

Workarounds and Mitigations
None

Change History
30 May 2018: Original Version Published
*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWw8sAmaOgq3Tt24GAQjmug/+PKcXQT07poqu2wqWRRudUsj8nfQnpQ2+
tljoWMMBEIRlSu6Juefla1HrbOF6FzJsVX65SRCGbMTI8oUv3ZRsUWgnLfvDZKPe
pIjzGEUKgC7w/c+Qf/Emjih6tCFjOP9VYyoDaZQ9KOw2h2BfR9q6CPHlzA9MmnyL
l5CWPSlMrty/g4OfL7KEYQMXVPi9RhMQoy+3ah4Yri8+CusDIOGQRYe6w7J09SpC
9Ms+FSzuZxNCD8m68hgQZId+IehgkLnbMJHj5giFirkguhfH6jwLQxKuIyaVbaij
WSWHVssaiDJZx1W5jKl1m593JgEgxSwNhSYUTjA54BnPKY0oHMwsbOFZDKQdaYKQ
TA+Qpgi0uY16czOSfBGSCvob9AbhWDzaO9bvaQ242eQTxgtT+sSUPbC+kNrRg4Cv
J7+GZblpvsq9q29Kmde/8CyJ6HIbi8yWyht5aVlg1pB6MLdr3xQgGOrXYLKvaJYZ
0Rz+dAvdsZ4ukMqND95c5PXK2HrHZQlQ/wNl9gYOlvD6uIK/l4mDINByTiiiXq7B
D7Ham3qFdxs+w9+NK8lnNwcGOYNvnKfBcijESKRpsHzq4G70fQqGVoOuKspbB/Jg
X3/Z8HffrR66euv8MDieDpDUWXLinsy9VAFcgDjFvXmiHC60dvPO4iBfRfY/zhd2
kmifYWw+slM=
=MgJG
-----END PGP SIGNATURE-----

« Back to bulletins