-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3732
  Multiple Security Vulnerabilities have been addressed in IBM Security
                          Access Manager Appliance
                               4 October 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security Access Manager Appliance
Publisher:         IBM
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11479 CVE-2019-11478 CVE-2019-11477
                   CVE-2019-10160 CVE-2019-3862 CVE-2019-1559
                   CVE-2018-15473 CVE-2018-14618 CVE-2018-7485
                   CVE-2018-7409 CVE-2018-5407 CVE-2018-0734
Reference:         ASB-2019.0221
                   ASB-2019.0220

Original Bulletin:
   https://www.ibm.com/support/pages/node/1076727

- --------------------------BEGIN INCLUDED TEXT--------------------

Multiple Security Vulnerabilities have been addressed in IBM Security Access
Manager Appliance

Security Bulletin

Summary

Multiple security vulnerabilities have been fixed and delivered in IBM
Security Access Manager Appliance.

Vulnerability Details

CVEID: CVE-2018-5407
DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could
allow a local attacker to obtain sensitive information, caused by execution
engine sharing on Simultaneous Multithreading (SMT) architecture. By using
the PortSmash side-channel attack, an attacker could run a malicious process
next to legitimate processes, using the architecture's parallel thread
running capabilities to leak encrypted data from the CPU's internal
processes. Note: This vulnerability is known as PortSmash.
CVSS Base Score: 5.1
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/152484 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2019-10160
DESCRIPTION: Python urllib.parse.urlsplit and urllib.parse.urlparse
components could allow a remote attacker to obtain sensitive information,
caused by improper Unicode encoding handling. By using a specially-crafted
URL, an attacker could exploit this vulnerability to obtain sensitive
information.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/162358 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2019-11479
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
flaw when processing minimum segment size (MSS). By sending
specially-crafted MSS traffic, a remote attacker could exploit this
vulnerability to cause excess usage of system resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/162665 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-11478
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an
issue with fragmenting the TCP retransmission queue when processing TCP
Selective Acknowledgement (SACK) capabilities. By sending specially-crafted
SACK requests, a remote attacker could exploit this vulnerability to cause
an excess of system resource usage.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/162664 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-11477
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an
integer overflow when processing TCP Selective Acknowledgement (SACK)
capabilities. By sending specially-crafted SACK requests, a remote attacker
could exploit this vulnerability to cause a kernel panic condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/162662 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2018-14618
DESCRIPTION: cURL libcurl is vulnerable to a buffer overflow, caused by an
integer overflow flaw in the Curl_ntlm_core_mk_nt_hash internal function in
the NTLM authentication code. By sending an overly long password, a remote
attacker could overflow a buffer and execute arbitrary code or cause the
application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/149359 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-3862
DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an
out-of-bounds read when parsing packets with an exit status message and no
payload. By sending specially crafted SSH_MSG_CHANNEL_REQUEST packets, a
remote attacker could exploit this vulnerability to cause a denial of
service or read data in the client memory.
CVSS Base Score: 7.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/158346 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2019-1559
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by the failure to immediately close the TCP connection
after the hosts encounter a zero-length record with valid padding. An
attacker could exploit this vulnerability using a 0-byte record
padding-oracle attack to decrypt traffic.
CVSS Base Score: 5.8
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/157514 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

CVEID: CVE-2018-0734
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by a timing side-channel attack in the DSA signature
algorithm. An attacker could exploit this vulnerability using variations in
the signing algorithm to recover the private key.
CVSS Base Score: 3.7
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/152085 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-7485
DESCRIPTION: unixODBC is vulnerable to a denial of service, caused by a flaw
in the SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c. A remote
attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/139553 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-7409
DESCRIPTION: unixODBC is vulnerable to a buffer overflow, caused by improper
bounds checking by the unicode_to_ansi_copy function in
DriverManager/__info.c. By sending an overly long argument, a remote
attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/139393 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-15473
DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive
information, caused by different responses to valid and invalid
authentication attempts. By sending a specially crafted request, an
attacker could exploit this vulnerability to enumerate valid usernames.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/148397 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Security Access Manager Appliance 9.0

Remediation/Fixes

+-------------------------------+-------+-----------------------+
|Affected Product/Version       |APAR(s)|Fix availability       |
+-------------------------------+-------+-----------------------+
|                               |IJ18764|                       |
|                               |IJ18762|                       |
|                               |IJ18760|                       |
|IBM Security Access Manager 9.0|IJ18766|9.0.7.0-ISS-ISAM-IF0001|
|                               |IJ18765|                       |
|                               |IJ18774|                       |
|                               |IJ18773|                       |
|                               |IJ18769|                       |
+-------------------------------+-------+-----------------------+

Workarounds and Mitigations

None

More support for: IBM Security Access Manager Appliance

Software version: 9.0

Operating system(s): Appliance

Reference #: 1076727

Modified date: 30 September 2019

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXZbiK2aOgq3Tt24GAQjd1BAAuAlolhD7/Qz3Co8FSr22sM5N91t0QLxV
jDgkNsQZf4Z4aLQnUeUD6FvKk9waSwwIWg9gKwEHJePx9c9N19adY+fFvEa95scS
q7mWFTzzGCCKqKiNWBm3p8Wd3ORIb+g92U99eY8L8G8OBgs3Qr3VHXsgPuE9AnXY
9a7t+mmsQa3JSxZIw1KedkD4EdMb6nFOWjz4oDQ4BNsUzeswwzam1QLX/UG93Tf9
rjIXk1HLhkIZdPddC4ndzNrLMXc/4OP3bQYv08xeS1NJF/srO1XQBsR8EmdxiUN2
k7e+jmUl+woeLjlZmXRWpFjGC6eMhrd13Do+q0CE/1Y06vGuVRNPrOzE1BT4RI9k
TSLeDgyB4nLDStm9r4iKbeqwUB/iayIpFJM38CGTqtRSeralyNWaAP9JLR9ArtZW
8Qsoe266XVvY/hyG2fcEFLsIGizTpqn0SPTmOPiUUvB/6sShT0xvtj/yINizpsmr
cY2MH3u+N6h/7w+elvsbGP/cFNqAIg7oimVNaKFX+70Ck3P8Xemmi2Rq4H0y0Dit
6yjGiOK4Gj+ezaFeDsng3/fjM1UWuRvYZKobrYURamixw3vZeD2wHJr1f8Pfq13h
jx+31XUcj3QlamV4zf41JkwNt8U7+cHP/CxFCH6jU7Y/8zTJXdSH7fbzsw7RvSXV
dPBF3kRgZxw=
=6zMx
-----END PGP SIGNATURE-----