-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2014.2195
Multiple vulnerabilities identified in IBM Security Network Protection
21 November 2014

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           IBM Security Network Protection
Publisher:         IBM
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Privileged Data          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-6183 CVE-2014-4345 CVE-2014-4344
                   CVE-2014-4343 CVE-2014-4342 CVE-2014-4341
                   CVE-2014-3660 CVE-2014-1568 CVE-2013-6800
                   CVE-2013-1418
Reference:         ASB-2014.0108
                   ASB-2014.0107
                   ESB-2014.2190
                   ESB-2014.1836
                   ESB-2014.1666
                   ESB-2014.1663
                   ESB-2014.1611
                   ESB-2014.1604
                   ESB-2014.1352

Original Bulletin:
   http://www-01.ibm.com/support/docview.wss?uid=swg21690821
   http://www-01.ibm.com/support/docview.wss?uid=swg21690823
   http://www-01.ibm.com/support/docview.wss?uid=swg21690820
   http://www-01.ibm.com/support/docview.wss?uid=swg21690824
   http://www-01.ibm.com/support/docview.wss?uid=swg21690822

Comment: This bulletin contains five (5) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM Security Network Protection is affected by Network Security Services vulnerability (CVE-2014-1568)

Security Bulletin

Document information

More support for: IBM Security Network Protection
Software version: 5.1, 5.1.1, 5.1.2, 5.1.2.1, 5.2.0
Operating system(s): Firmware
Reference #: 1690821
Modified date: 2014-11-19

Summary

A security vulnerability has been discovered in Network Security Services (NSS) versions used by IBM Security Network Protection. NSS is a component that supports the development of security-enabled applications.

Vulnerability Details

CVE-ID: CVE-2014-1568

Description: Mozilla Network Security Services (NSS) could allow a remote attacker to bypass security restrictions, caused by the failure to properly parse ASN.1 values in a digital signature. An attacker could exploit this vulnerability using a Bleichenbacher attack variant against the RSA algorithm to forge RSA certificates and gain unauthorized access to secure data.

CVSS:
CVSS Base Score: 8.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/96194 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:N)

Affected Products and Versions

Products: IBM Security Network Protection (XGS) models 3100, 4100, 5100
Firmware versions: 5.1, 5.1.1, 5.1.2, 5.1.2.1, 5.2

Remediation/Fixes

IBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch.

5.1.0.0-ISS-XGS-All-Models-Hotfix-FP0013 for IBM Security Network Protection products at version 5.1
5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0008 for IBM Security Network Protection products at version 5.1.1
5.1.2.0-ISS-XGS-All-Models-Hotfix-FP0009 for IBM Security Network Protection products at version 5.1.2
5.1.2.1-ISS-XGS-All-Models-Hotfix-FP0005 for IBM Security Network Protection products at version 5.1.2.1
5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0005 for IBM Security Network Protection products at version 5.2

Workarounds and Mitigations

None

References

Complete CVSS Guide
On-line Calculator V2

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- -------------------------------------------------------------------------------

Security Bulletin: IBM Security Network Protection is affected by Shell Command Injection vulnerability (CVE-2014-6183)

Security Bulletin

Document information

More support for: IBM Security Network Protection
Software version: 5.1, 5.1.1, 5.1.2, 5.1.2.1, 5.2.0, 5.3
Operating system(s): Firmware
Reference #: 1690823
Modified date: 2014-11-19

Summary

A Shell Command Injection vulnerability has been discovered in IBM Security Network Protection.

Vulnerability Details

CVE-ID: CVE-2014-6183

Description: IBM Security Network Protection could allow a remote attacker to execute arbitrary commands on the system. An authenticated attacker could exploit this vulnerability to inject and execute arbitrary shell commands on the system.

CVSS:
CVSS Base Score: 9.0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/98519 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Affected Products and Versions

Products: IBM Security Network Protection (XGS) models 3100, 4100, 5100, 7100
Firmware versions: 5.1, 5.1.1, 5.1.2, 5.1.2.1, 5.2, 5.3

Remediation/Fixes

IBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch.

5.1.0.0-ISS-XGS-All-Models-Hotfix-FP0013 for IBM Security Network Protection products at version 5.1
5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0008 for IBM Security Network Protection products at version 5.1.1
5.1.2.0-ISS-XGS-All-Models-Hotfix-FP0009 for IBM Security Network Protection products at version 5.1.2
5.1.2.1-ISS-XGS-All-Models-Hotfix-FP0005 for IBM Security Network Protection products at version 5.1.2.1
5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0005 for IBM Security Network Protection products at version 5.2
5.3.0.0-ISS-XGS-All-Models-Hotfix-FP0001 for IBM Security Network Protection products at version 5.3

Workarounds and Mitigations

None

References

Complete CVSS Guide
On-line Calculator V2

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

IBM Security Systems Ethical Hacking Team: Paul Ionescu, Brennan Brazeau, John Zuccato, Jonathan Fitz-Gerald, Warren Moynihan

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- -------------------------------------------------------------------------------

Security Bulletin: IBM Security Network Protection is affected by krb5 vulnerability (CVE-2014-1568)

Security Bulletin

Document information

More support for: IBM Security Network Protection
Software version: 5.1, 5.1.1, 5.1.2, 5.1.2.1, 5.2.0, 5.3
Operating system(s): Firmware
Reference #: 1690820
Modified date: 2014-11-19

Summary

Kerberos is a network authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party. Multiple security vulnerabilities have been discovered in the Kerberos krb5 component used by IBM Security Network Protection.

Vulnerability Details

CVE-ID: CVE-2013-1418

Description: MIT Kerberos is vulnerable to a denial of service, caused by a NULL pointer dereference in the setup_server_realm() function. If a KDC serves multiple realms, a remote attacker could exploit this vulnerability to cause KDC to crash.

CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88565 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE-ID: CVE-2013-6800

Description: MIT Kerberos is vulnerable to a denial of service, caused by a NULL pointer dereference in an unspecified third-party database module for the Key Distribution Center (KDC). By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause daemon to crash.

CVSS:
CVSS Base Score: 4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89060 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVE-ID: CVE-2014-4341

Description: MIT Kerberos is vulnerable to a denial of service, caused by a NULL pointer dereference. By injecting invalid tokens into a GSSAPI application session, a remote attacker could exploit this vulnerability to cause the application to crash.

CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/94904 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-ID: CVE-2014-4342

Description: MIT Kerberos is vulnerable to a denial of service, caused by a NULL pointer dereference. By injecting invalid tokens into a GSSAPI application session, a remote attacker could exploit this vulnerability to cause the application to crash.

CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/94903 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-ID: CVE-2014-4343

Description: MIT Kerberos 5 (krb5) is vulnerable to a denial of service, caused by a double-free error in the init_ctx_reselect() function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a GSSAPI initiator to crash.

CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/95211 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-ID: CVE-2014-4344

Description: MIT Kerberos 5 (krb5) is vulnerable to a NULL pointer dereference in the acc_ctx_cont() function within the SPNEGO Acceptor for Continuation Tokens. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the application to crash.

CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/95210 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-ID: CVE-2014-4345

Description: MIT Kerberos 5 is vulnerable to a buffer overflow, caused by improper bounds checking by the krb5_encode_krbsecretkey() function. By sending an overly long array, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVSS:
CVSS Base Score: 8.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/95212 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:C/I:C/A:C)

Affected Products and Versions

Products: IBM Security Network Protection (XGS) models 3100, 4100, 5100, 7100
Firmware versions: 5.1, 5.1.1, 5.1.2, 5.1.2.1, 5.2, 5.3

Remediation/Fixes

IBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch.

5.1.0.0-ISS-XGS-All-Models-Hotfix-FP0013 for IBM Security Network Protection products at version 5.1
5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0008 for IBM Security Network Protection products at version 5.1.1
5.1.2.0-ISS-XGS-All-Models-Hotfix-FP0009 for IBM Security Network Protection products at version 5.1.2
5.1.2.1-ISS-XGS-All-Models-Hotfix-FP0005 for IBM Security Network Protection products at version 5.1.2.1
5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0005 for IBM Security Network Protection products at version 5.2
5.3.0.0-ISS-XGS-All-Models-Hotfix-FP0001 for IBM Security Network Protection products at version 5.3

Workarounds and Mitigations

None

References

Complete CVSS Guide
On-line Calculator V2

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- -------------------------------------------------------------------------------

Security Bulletin: IBM Security Network Protection is affected by libxml2 vulnerability (CVE-2014-3660)

Security Bulletin

Document information

More support for: IBM Security Network Protection
Software version: 5.1, 5.1.1, 5.1.2, 5.1.2.1, 5.2.0, 5.3
Operating system(s): Firmware
Reference #: 1690824
Modified date: 2014-11-19

Summary

A security vulnerability has been discovered in libxml2 versions used by IBM Security Network Protection.

Vulnerability Details

CVE-ID: CVE-2014-3660

Description: Libxml2 is vulnerable to a denial of service, caused by the expansion of recursive entities. A remote attacker could exploit this vulnerability using a specially-crafted XML document processed by an application using libxml2 to consume all available CPU resources.

CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97656 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Products: IBM Security Network Protection (XGS) models 3100, 4100, 5100, 7100
Firmware versions: 5.1, 5.1.1, 5.1.2, 5.1.2.1, 5.2, 5.3

Remediation/Fixes

IBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch.

5.1.0.0-ISS-XGS-All-Models-Hotfix-FP0013 for IBM Security Network Protection products at version 5.1
5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0008 for IBM Security Network Protection products at version 5.1.1
5.1.2.0-ISS-XGS-All-Models-Hotfix-FP0009 for IBM Security Network Protection products at version 5.1.2
5.1.2.1-ISS-XGS-All-Models-Hotfix-FP0005 for IBM Security Network Protection products at version 5.1.2.1
5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0005 for IBM Security Network Protection products at version 5.2
5.3.0.0-ISS-XGS-All-Models-Hotfix-FP0001 for IBM Security Network Protection products at version 5.3

Workarounds and Mitigations

None

References

Complete CVSS Guide
On-line Calculator V2

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- -------------------------------------------------------------------------------

Security Bulletin: Vulnerability in SSLv3 affects Network Protection (CVE-2014-3566)

Security Bulletin

Document information

More support for: IBM Security Network Protection
Software version: 5.1, 5.1.1, 5.1.2, 5.1.2.1, 5.2.0, 5.3
Operating system(s): Firmware
Reference #: 1690822
Modified date: 2014-11-19

Summary

SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled in the IBM Security Network Protection Local Management Interface (LMI).

Vulnerability Details

CVE-ID: CVE-2014-3566

DESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.

CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97013 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

Products: IBM Security Network Protection (XGS) models 3100, 4100, 5100, 7100
Firmware versions: 5.1, 5.1.1, 5.1.2, 5.1.2.1, 5.2, 5.3

Remediation/Fixes

IBM has provided patches for all affected versions. Follow the installation instructions in the README files included with the patch.

5.1.0.0-ISS-XGS-All-Models-Hotfix-FP0013 for IBM Security Network Protection products at version 5.1
5.1.1.0-ISS-XGS-All-Models-Hotfix-FP0008 for IBM Security Network Protection products at version 5.1.1
5.1.2.0-ISS-XGS-All-Models-Hotfix-FP0009 for IBM Security Network Protection products at version 5.1.2
5.1.2.1-ISS-XGS-All-Models-Hotfix-FP0005 for IBM Security Network Protection products at version 5.1.2.1
5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0005 for IBM Security Network Protection products at version 5.2
5.3.0.0-ISS-XGS-All-Models-Hotfix-FP0001 for IBM Security Network Protection products at version 5.3

IBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.

Workarounds and Mitigations

FIPS mode is not vulnerable to this exploit. FIPS mode can be enabled on the appliance only during the initial setup; it can not be enabled after the appliance has been initially configured.

References

Complete CVSS Guide
On-line Calculator V2

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================