-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3732
       Multiple Security Vulnerabilities have been addressed in IBM
                     Security Access Manager Appliance
                              4 October 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security Access Manager Appliance
Publisher:         IBM
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11479 CVE-2019-11478 CVE-2019-11477
                   CVE-2019-10160 CVE-2019-3862 CVE-2019-1559
                   CVE-2018-15473 CVE-2018-14618 CVE-2018-7485
                   CVE-2018-7409 CVE-2018-5407 CVE-2018-0734

Reference:         ASB-2019.0221
                   ASB-2019.0220

Original Bulletin: 
   https://www.ibm.com/support/pages/node/1076727

- --------------------------BEGIN INCLUDED TEXT--------------------

Multiple Security Vulnerabilities have been addressed in IBM Security Access
Manager Appliance

Security Bulletin

Summary

Multiple Security vulnerabilities have been fixed and delivered in IBM Security
Access Manager Appliance.

Vulnerability Details

CVEID: CVE-2018-5407
DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could
allow a local attacker to obtain sensitive information, caused by execution
engine sharing on Simultaneous Multithreading (SMT) architectures. By using the
new PortSmash side-channel attack, an attacker could run a malicious process
next to legitimate processes and use the architecture's parallel thread
execution capabilities to leak encrypted data from the CPU's internal
processes. Note: This vulnerability is known as PortSmash.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
152484 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2019-10160
DESCRIPTION: Python urllib.parse.urlsplit and urllib.parse.urlparse components
could allow a remote attacker to obtain sensitive information, caused by
improper unicode encoding handling. By using a specially-crafted URL, an
attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
162358 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2019-11479
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
flaw when processing minimum segment size (MSS). By sending specially-crafted
MSS traffic, a remote attacker could exploit this vulnerability to cause excess
usage of system resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
162665 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-11478
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an
issue with fragmenting the TCP retransmission queue when processing TCP
Selective Acknowledgement (SACK) capabilities. By sending specially-crafted
SACK requests, a remote attacker could exploit this vulnerability to cause an
excess of system resource usage.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
162664 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-11477
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an
integer overflow when processing TCP Selective Acknowledgement (SACK)
capabilities. By sending specially-crafted SACK requests, a remote attacker
could exploit this vulnerability to cause a kernel panic condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
162662 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-14618
DESCRIPTION: cURL libcurl is vulnerable to a buffer overflow, caused by an
integer overflow flaw in the Curl_ntlm_core_mk_nt_hash internal function in the
NTLM authentication code. By sending an overly long password, a remote attacker
could overflow a buffer and execute arbitrary code and cause the application to
crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
149359 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-3862
DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an
out-of-bounds read when parsing packets with an exit status message and no
payload. By sending specially crafted SSH_MSG_CHANNEL_REQUEST packets, a remote
attacker could exploit this vulnerability to cause a denial of service or read
data in the client memory.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158346 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2019-1559
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by the failure to immediately close the TCP connection
after the hosts encounter a zero-length record with valid padding. An attacker
could exploit this vulnerability using a 0-byte record padding-oracle attack to
decrypt traffic.
CVSS Base Score: 5.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
157514 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

CVEID: CVE-2018-0734
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by a timing side channel attack in the DSA signature
algorithm. An attacker could exploit this vulnerability using variations in the
signing algorithm to recover the private key.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
152085 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-7485
DESCRIPTION: unixODBC is vulnerable to a denial of service, caused by a flaw in
the SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c. A remote attacker
could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
139553 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-7409
DESCRIPTION: unixODBC is vulnerable to a buffer overflow, caused by improper
bounds checking by the unicode_to_ansi_copy function in DriverManager/__info.c.
By sending an overly long argument, a remote attacker could overflow a buffer
and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
139393 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-15473
DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive
information, caused by different responses to valid and invalid authentication
attempts. By sending a specially crafted request, an attacker could exploit
this vulnerability to enumerate valid usernames.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
148397 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Security Access Manager Appliance 9.0

Remediation/Fixes

+-------------------------------+-------+-----------------------+
|Affected Product/Version       |APAR(s)|Fix availability       |
+-------------------------------+-------+-----------------------+
|                               |IJ18764|                       |
|                               |IJ18762|                       |
|                               |IJ18760|                       |
|IBM Security Access Manager 9.0|IJ18766|9.0.7.0-ISS-ISAM-IF0001|
|                               |IJ18765|                       |
|                               |IJ18774|                       |
|                               |IJ18773|                       |
|                               |IJ18769|                       |
+-------------------------------+-------+-----------------------+

Workarounds and Mitigations

None

More support for: IBM Security Access Manager Appliance
Software version: 9.0
Operating system(s): Appliance
Reference #: 1076727
Modified date: 30 September 2019

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----