===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3049
        Vulnerabilities in NTP, OpenSSL and Intel CPU's affect IBM
                       Netezza Firmware Diagnostics
                              9 October 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Netezza
Publisher:         IBM
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Access Privileged Data          -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Provide Misleading Information  -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-7185 CVE-2018-7184 CVE-2018-7183
                   CVE-2018-7182 CVE-2018-7170 CVE-2018-3640
                   CVE-2018-3639 CVE-2018-0737 CVE-2017-3738
                   CVE-2017-3737 CVE-2016-0701

Reference:         ASB-2018.0121
                   ASB-2018.0096
                   ASB-2018.0026
                   ESB-2018.3028
                   ESB-2018.3020
                   ESB-2018.2969

Original Bulletin:
   http://www.ibm.com/support/docview.wss?uid=swg22016330

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Vulnerabilities in NTP, OpenSSL and Intel CPU's affect IBM
Netezza Firmware Diagnostics.

Document information

More support for: PureData System for Analytics
Software version: 1.0.0
Operating system(s): Platform Independent
Software edition: All Editions
Reference #: 2016330
Modified date: 08 October 2018

Summary

Network Time Protocol (NTP), OpenSSL and Intel CPUs, which have publicly
disclosed vulnerabilities, are used by IBM Netezza Firmware Diagnostics. IBM
Netezza Firmware Diagnostics Support Tools has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2018-7183
DESCRIPTION: NTP is vulnerable to a buffer overflow, caused by improper bounds
checking by the decodearr function. By leveraging an ntpq query and sending a
response with a crafted array, a remote attacker could overflow a buffer and
execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5.6
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/140092 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-7185
DESCRIPTION: NTP is vulnerable to a denial of service. By sending specially
crafted packets, a remote authenticated attacker could exploit this
vulnerability to reset authenticated interleaved association.
CVSS Base Score: 3.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/139783 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-7170
DESCRIPTION: NTP could allow a remote authenticated attacker to bypass
security restrictions, caused by a Sybil attack. By creating many ephemeral
associations, an attacker could exploit this vulnerability to win the clock
selection of ntpd and modify a victim's clock.
CVSS Base Score: 3.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/139786 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-7182
DESCRIPTION: NTP could allow a remote attacker to obtain sensitive
information, caused by a leak in the ctl_getitem() function. By sending a
specially crafted mode 6 packet, an attacker could exploit this vulnerability
to read past the end of its buffer.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/139785 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-7184
DESCRIPTION: NTP is vulnerable to a denial of service, caused by the failure
of the interleaved symmetric mode to recover from bad state. By sending
specially crafted packets, a remote authenticated attacker could exploit this
vulnerability to cause a denial of service.
CVSS Base Score: 3.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/139784 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-0737
DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive
information, caused by a cache-timing side channel attack in the RSA Key
generation algorithm. An attacker with access to mount cache timing attacks
during the RSA key generation process could exploit this vulnerability to
recover the private key and obtain sensitive information.
CVSS Base Score: 3.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/141679 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-3738
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by an overflow bug in the AVX2 Montgomery multiplication
procedure used in exponentiation with 1024-bit moduli. An attacker could
exploit this vulnerability to obtain information about the private key. Note:
In order to exploit this vulnerability, the server would have to share the
DH1024 private key among multiple clients, which is no longer an option since
CVE-2016-0701.
CVSS Base Score: 3.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/136078 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-3737
DESCRIPTION: An unspecified vulnerability in multiple Oracle products could
allow an unauthenticated attacker to cause low confidentiality impact, low
integrity impact, and high availability impact.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/136077 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2018-3640
DESCRIPTION: Multiple Intel CPUs could allow a local attacker to obtain
sensitive information, caused by utilizing sequences of speculative execution
that perform speculative reads of system registers. By conducting targeted
cache side-channel attacks, an attacker could exploit this vulnerability to
determine the values stored in system registers. Note: This vulnerability is
the Rogue System Register Read (RSRE), also known as Variant 3a.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/143570 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

CVEID: CVE-2018-3639
DESCRIPTION: Multiple Intel CPUs could allow a local attacker to obtain
sensitive information, caused by utilizing sequences of speculative execution
and speculative execution of memory reads before the addresses of all prior
memory writes are known. By conducting targeted cache side-channel attacks, an
attacker could exploit this vulnerability to bypass security restrictions and
gain read access to privileged memory. Note: This vulnerability is the
Speculative Store Bypass (SSB), also known as Variant 4 or "SpectreNG".
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/143569 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

Affected Products and Versions

IBM Netezza Firmware Diagnostic Support Tools 2.0.0.9

Remediation/Fixes

This download contains IBM Netezza Firmware Diagnostics Support Tools 2.0.0.9
which includes updated versions of firmware for the following platforms:

PureData System for Analytics N2002
PureData System for Analytics N3001

Update to the following release to address the applicable CVEs.

+------------------------------------------------+----------+-----------------------+
|Product                                         |VRMF      |Remediation/First Fix  |
+------------------------------------------------+----------+-----------------------+
|IBM Netezza Firmware Diagnostics Support Tools  |2.0.0.9   |Link to Fix Central    |
+------------------------------------------------+----------+-----------------------+

The IBM Netezza Firmware Diagnostics Support Tools software contains the
latest firmware updates certified for use on IBM Netezza/PureData System for
Analytics appliances. IBM recommends upgrading to the latest IBM Netezza
Firmware Diagnostics Support Tools software version to ensure that your hosts
have the latest fixes, security changes, and updates. IBM Support can assist
you with planning for the IBM Netezza Firmware Diagnostics Support Tools
upgrades to your appliances.

Change History

04 October 2018

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================