===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4193
     Multiple vulnerabilities have been identified in IBM QRadar SIEM
                              7 November 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM QRadar SIEM
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account      
                   Access Privileged Data          -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Cross-site Scripting            -- Existing Account      
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Unauthorised Access             -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-11833 CVE-2019-11811 CVE-2019-11810
                   CVE-2019-11599 CVE-2019-11085 CVE-2019-9500
                   CVE-2019-7222 CVE-2019-5489 CVE-2019-4454
                   CVE-2019-3900 CVE-2019-3882 CVE-2019-3460
                   CVE-2019-3459 CVE-2019-1125 CVE-2019-1073
                   CVE-2019-1071 CVE-2018-18281 CVE-2018-16885
                   CVE-2018-16884 CVE-2018-16871 CVE-2018-16658
                   CVE-2018-15594 CVE-2018-14734 CVE-2018-14625
                   CVE-2018-13095 CVE-2018-13094 CVE-2018-13093
                   CVE-2018-13053 CVE-2018-12536 CVE-2018-10940
                   CVE-2018-10853 CVE-2018-9517 CVE-2018-9516
                   CVE-2018-9363 CVE-2018-8087 CVE-2018-7755
                   CVE-2017-7658 CVE-2017-7657 CVE-2017-7656

Reference:         ASB-2019.0311
                   ASB-2019.0229
                   ASB-2019.0187
                   ASB-2019.0027
                   ASB-2019.0002
                   ASB-2018.0124

Original Bulletin: 
   https://www.ibm.com/support/pages/node/1103499
   https://www.ibm.com/support/pages/node/1103493
   https://www.ibm.com/support/pages/node/1103505

Comment: This bulletin contains two (2) IBM security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting (XSS)
(CVE-2019-4454)

Document Information

More support for:     IBM QRadar SIEM
Component:            Console
Software version:     7.3
Operating system(s):  Linux
Software edition:     All Editions
Reference #:          1103499
Modified date:        06 November 2019

Security Bulletin


Summary

IBM QRadar SIEM is vulnerable to cross site scripting (XSS)

Vulnerability Details

CVEID:   CVE-2019-4454
DESCRIPTION:
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163618
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)


Affected Products and Versions

* IBM QRadar 7.3.0 to 7.3.2 Patch 4


Remediation/Fixes

IBM QRadar/QRM/QVM/QRIF/QNI 7.3.2 Patch 5


Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

Bohdan Korzhynskyi

Change History

06 Nov 2019: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF
ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

---

Security Bulletin: IBM QRadar SIEM is vulnerable to Jetty Vulnerabilities
(CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536)

Document Information

More support for:     IBM QRadar SIEM
Component:            Console
Software version:     7.2, 7.3
Operating system(s):  Linux
Software edition:     All Editions
Reference #:          1103493
Modified date:        06 November 2019

Security Bulletin


Summary

IBM QRadar SIEM is vulnerable to Jetty Vulnerabilities

Vulnerability Details

CVEID:   CVE-2017-7658
DESCRIPTION:   In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all
non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when
presented with two content-length headers, Jetty ignored the second. When
presented with a content-length and a chunked encoding header, the
content-length was ignored (as per RFC 2616). If an intermediary decided on the
shorter length, but still passed on the longer body, then body content could be
interpreted by Jetty as a pipelined request. If the intermediary was imposing
authorization, the fake pipelined request would bypass that authorization.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/145522
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)


CVEID:   CVE-2018-12536
DESCRIPTION:   In Eclipse Jetty Server, all 9.x versions, on webapps deployed
using default Error Handling, when an intentionally bad query arrives that
doesn't match a dynamic url-pattern, and is eventually handled by the
DefaultServlet's static file serving, the bad characters can trigger a
java.nio.file.InvalidPathException which includes the full path to the base
resource directory that the DefaultServlet and/or webapp is using. If this
InvalidPathException is then handled by the default Error Handler, the
InvalidPathException message is included in the error response, revealing the
full server path to the requesting system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/145523
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)


CVEID:   CVE-2017-7656
DESCRIPTION:   In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all
configurations), and 9.4.x (non-default configuration with RFC2616 compliance
enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method
space URI space version) that declares a version of HTTP/0.9 was accepted and
treated as a 0.9 request. If deployed behind an intermediary that also accepted
and passed through the 0.9 version (but did not act on it), then the response
sent could be interpreted by the intermediary as HTTP/1 headers. This could be
used to poison the cache if the server allowed the origin client to generate
arbitrary content in the response.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/145520
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)


CVEID:   CVE-2017-7657
DESCRIPTION:   In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all
configurations), and 9.4.x (non-default configuration with RFC2616 compliance
enabled), transfer-encoding chunks are handled poorly. The chunk length parsing
was vulnerable to an integer overflow. Thus a large chunk size could be
interpreted as a smaller chunk size and content sent as chunk body could be
interpreted as a pipelined request. If Jetty was deployed behind an
intermediary that imposed some authorization and that intermediary allowed
arbitrarily large chunks to be passed on unchanged, then this flaw could be
used to bypass the authorization imposed by the intermediary as the fake
pipelined request would not be interpreted by the intermediary as a request.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/145521
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
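
The framing ambiguities described in CVE-2017-7658, CVE-2017-7657 and
CVE-2017-7656 above can be rejected at an intermediary before a request reaches
Jetty. The following Python check is an added example, not part of the IBM or
AusCERT bulletin and not QRadar or Jetty code; the function names, the
MAX_CHUNK limit and the sample requests are assumptions constructed for
illustration.

```python
import re

# Assumption for this example: largest chunk size the intermediary will forward.
MAX_CHUNK = 2**31 - 1

_REQUEST_LINE = re.compile(rb"([A-Za-z]+) (\S+) HTTP/(\d)\.(\d)")
_HEX = re.compile(rb"[0-9A-Fa-f]+")


def _check_chunks(body):
    """Walk chunk-size lines of a chunked body and flag sizes a
    fixed-width parser could misread (CVE-2017-7657)."""
    findings = []
    pos = 0
    while pos < len(body):
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            break  # incomplete chunk header, nothing more to inspect
        size_field = body[pos:eol].split(b";", 1)[0].strip()
        if not _HEX.fullmatch(size_field):
            findings.append("invalid-chunk-size")
            break
        size = int(size_field, 16)  # Python ints do not wrap
        if size > MAX_CHUNK:
            findings.append("oversized-chunk-size")
            break
        if size == 0:
            break  # last chunk
        pos = eol + 2 + size + 2  # skip chunk data and its trailing CRLF
    return findings


def check_request_framing(raw):
    """Return a list of findings for one raw HTTP/1.x request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    match = _REQUEST_LINE.fullmatch(lines[0])
    if not match:
        return ["malformed-request-line"]
    findings = []
    if (match.group(3), match.group(4)) == (b"0", b"9"):
        # HTTP/1 style request line declaring version 0.9 (CVE-2017-7656)
        findings.append("http09-in-http1-request-line")
    content_lengths = []
    chunked = False
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            findings.append("malformed-header")
            continue
        name = name.strip().lower()
        if name == b"content-length":
            content_lengths.extend(v.strip() for v in value.split(b","))
        elif name == b"transfer-encoding":
            codings = [t.strip() for t in value.lower().split(b",")]
            chunked = chunked or b"chunked" in codings
    if len(content_lengths) > 1:
        # Two lengths: intermediary and Jetty may pick different ones (CVE-2017-7658)
        findings.append("multiple-content-length")
    if any(not v.isdigit() for v in content_lengths):
        findings.append("invalid-content-length")
    if content_lengths and chunked:
        # Content-Length is ignored when chunked is present (CVE-2017-7658)
        findings.append("content-length-with-chunked")
    if chunked:
        findings.extend(_check_chunks(body))
    return findings


# Constructed sample requests (not captured traffic); siem.example is a placeholder host.
SAMPLES = {
    "clean": b"GET /console/ HTTP/1.1\r\nHost: siem.example\r\n\r\n",
    "two_lengths": b"POST /api HTTP/1.1\r\nHost: siem.example\r\n"
                   b"Content-Length: 5\r\nContent-Length: 40\r\n\r\nhello",
    "length_and_chunked": b"POST /api HTTP/1.1\r\nHost: siem.example\r\n"
                          b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "huge_chunk": b"POST /api HTTP/1.1\r\nHost: siem.example\r\n"
                  b"Transfer-Encoding: chunked\r\n\r\n100000005\r\nhello\r\n0\r\n\r\n",
    "http09": b"GET /index HTTP/0.9\r\nHost: siem.example\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, check_request_framing(request))
```

A request with any finding should be rejected at the intermediary rather than
normalised and forwarded, so that both hops agree on where each request ends.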




Affected Products and Versions

* IBM QRadar 7.2.0 to 7.2.8 Patch 16

* IBM QRadar 7.3.0 to 7.3.2 Patch 4


Remediation/Fixes

IBM QRadar/QRM/QVM/QRIF/QNI 7.2.8 Patch 17

IBM QRadar/QRM/QVM/QRIF/QNI 7.3.2 Patch 5


Change History

06 Nov 2019: Initial Publication

---

Security Bulletin: IBM QRadar SIEM is vulnerable to multiple Kernel
vulnerabilities

Document Information

More support for:     IBM QRadar SIEM
Component:            Console
Software version:     7.3
Operating system(s):  Linux
Software edition:     All Editions
Reference #:          1103505
Modified date:        06 November 2019

Security Bulletin


Summary

IBM QRadar SIEM is vulnerable to multiple Kernel vulnerabilities

Vulnerability Details

CVEID:   CVE-2019-9500
DESCRIPTION:
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159642
for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)


CVEID:   CVE-2019-11833
DESCRIPTION:   fs/ext4/extents.c in the Linux kernel through 5.1.2 does not
zero out the unused memory region in the extent tree block, which might allow
local users to obtain sensitive information by reading uninitialized data in
the filesystem.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161235
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)


CVEID:   CVE-2019-11810
DESCRIPTION:   An issue was discovered in the Linux kernel before 5.0.7. A NULL
pointer dereference can occur when megasas_create_frame_pool() fails in
megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes
a Denial of Service, related to a use-after-free.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160665
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)


CVEID:   CVE-2019-11599
DESCRIPTION:   The coredump implementation in the Linux kernel before 5.0.10
does not use locking or other mechanisms to prevent vma layout or vma flags
changes while it runs, which allows local users to obtain sensitive
information, cause a denial of service, or possibly have unspecified other
impact by triggering a race condition with mmget_not_zero or get_task_mm calls.
This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and
drivers/infiniband/core/uverbs_main.c.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160262
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)


CVEID:   CVE-2019-7222
DESCRIPTION:   The KVM implementation in the Linux kernel through 4.20.5 has an
Information Leak.
CVSS Base score: 2.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/157080
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N)


CVEID:   CVE-2019-5489
DESCRIPTION:   The mincore() implementation in mm/mincore.c in the Linux kernel
through 4.19.13 allowed local attackers to observe page cache access patterns
of other processes on the same system, potentially allowing sniffing of secret
information. (Fixing this affects the output of the fincore program.) Limited
remote exploitation may be possible, as demonstrated by latency differences in
accessing public files from an Apache HTTP Server.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/155197
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)


CVEID:   CVE-2019-3900
DESCRIPTION:   An infinite loop issue was found in the vhost_net kernel module
in Linux Kernel up to and including v5.1-rc6, while handling incoming packets
in handle_rx(). It could occur if one end sends packets faster than the other
end can process them. A guest user, maybe a remote one, could use this flaw to
stall the vhost_net kernel thread, resulting in a DoS scenario.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160135
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)


CVEID:   CVE-2019-3882
DESCRIPTION:   A flaw was found in the Linux kernel's vfio interface
implementation that permits violation of the user's locked memory limit. If a
device is bound to a vfio driver, such as vfio-pci, and the local attacker is
administratively granted ownership of the device, it may cause a system memory
exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are
vulnerable.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158984
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)


CVEID:   CVE-2019-3460
DESCRIPTION:   A heap data infoleak in multiple locations including
L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/155419
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)


CVEID:   CVE-2019-3459
DESCRIPTION:   A heap address information leak while using L2CAP_GET_CONF_OPT
was discovered in the Linux kernel before 5.1-rc1.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/155418
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)


CVEID:   CVE-2018-18281
DESCRIPTION:   Since Linux kernel version 3.2, the mremap() syscall performs TLB
flushes after dropping pagetable locks. If a syscall such as ftruncate()
removes entries from the pagetables of a task that is in the middle of
mremap(), a stale TLB entry can remain for a short time that permits access to a
physical page after it has been released back to the page allocator and reused.
This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16,
4.19.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/152087
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)


CVEID:   CVE-2018-16885
DESCRIPTION:   A flaw was found in the Linux kernel that allows the userspace
to call memcpy_fromiovecend() and similar functions with a zero offset and
buffer length, which causes a read beyond the buffer boundaries, in certain
cases causing a memory access fault and a system halt by accessing an invalid
memory address. This issue only affects kernel version 3.10.x as shipped with
Red Hat Enterprise Linux 7.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/155102
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)


CVEID:   CVE-2018-16658
DESCRIPTION:   An issue was discovered in the Linux kernel before 4.18.6. An
information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be
used by local attackers to read kernel memory because a cast from unsigned long
to int interferes with bounds checking. This is similar to CVE-2018-10940.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/149720
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)


CVEID:   CVE-2018-15594
DESCRIPTION:   arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1
mishandles certain indirect calls, which makes it easier for attackers to
conduct Spectre-v2 attacks against paravirtual guests.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148547
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)


CVEID:   CVE-2018-14734
DESCRIPTION:   drivers/infiniband/core/ucma.c in the Linux kernel through
4.17.11 allows ucma_leave_multicast to access a certain data structure after a
cleanup step in ucma_process_join, which allows attackers to cause a denial of
service (use-after-free).
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/147701
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)


CVEID:   CVE-2018-14625
DESCRIPTION:   A flaw was found in the Linux Kernel where an attacker may be
able to have an uncontrolled read to kernel-memory from within a vm guest. A
race condition between connect() and close() function may allow an attacker
using the AF_VSOCK protocol to gather a 4 byte information leak or possibly
intercept or corrupt AF_VSOCK messages destined to other clients.
CVSS Base score: 5.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/150092
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L)


CVEID:   CVE-2018-13095
DESCRIPTION:   An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the
Linux kernel through 4.17.3. A denial of service (memory corruption and BUG)
can occur for a corrupted xfs image upon encountering an inode that is in
extent format, but has more extents than fit in the inode fork.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/145960
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)


CVEID:   CVE-2018-13094
DESCRIPTION:   An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the
Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after
xfs_da_shrink_inode() is called with a NULL bp.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/145959
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)


CVEID:   CVE-2018-13093
DESCRIPTION:   An issue was discovered in fs/xfs/xfs_icache.c in the Linux
kernel through 4.17.3. There is a NULL pointer dereference and panic in
lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a
corrupted xfs image. This occurs because of a lack of proper validation that
cached inodes are free during allocation.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/145958
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)


CVEID:   CVE-2018-13053
DESCRIPTION:   The alarm_timer_nsleep function in kernel/time/alarmtimer.c in
the Linux kernel through 4.17.3 has an integer overflow via a large relative
timeout because ktime_add_safe is not used.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/145647
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)


CVEID:   CVE-2018-10853
DESCRIPTION:   A flaw was found in the way Linux kernel KVM hypervisor before
4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check
the current privilege level (CPL) while emulating unprivileged instructions. An
unprivileged guest user/process could use this flaw to potentially escalate
privileges inside guest.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/149311
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)


CVEID:   CVE-2018-9517
DESCRIPTION:   In pppol2tp_connect, there is possible memory corruption due to
a use after free. This could lead to local escalation of privilege with System
execution privileges needed. User interaction is not needed for exploitation.
Product: Android. Versions: Android kernel. Android ID: A-38159931.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/154088
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


CVEID:   CVE-2018-9516
DESCRIPTION:   In hid_debug_events_read of drivers/hid/hid-debug.c, there is a
possible out of bounds write due to a missing bounds check. This could lead to
local escalation of privilege with System execution privileges needed. User
interaction is not needed for exploitation. Product: Android. Versions: Android
kernel. Android ID: A-71361580.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/152645
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


CVEID:   CVE-2018-9363
DESCRIPTION:   In the hidp_process_report in bluetooth, there is an integer
overflow. This could lead to an out of bounds write with no additional
execution privileges needed. User interaction is not needed for exploitation.
Product: Android. Versions: Android kernel. Android ID: A-65853588. References:
Upstream kernel.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/152659
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


CVEID:   CVE-2018-8087
DESCRIPTION:   Memory leak in the hwsim_new_radio_nl function in
drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9
allows local users to cause a denial of service (memory consumption) by
triggering an out-of-array error case.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140255
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)


CVEID:   CVE-2018-7755
DESCRIPTION:   An issue was discovered in the fd_locked_ioctl function in
drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver
will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An
attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to
discover the location of kernel code and data and bypass kernel security
protections such as KASLR.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/140065
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)


CVEID:   CVE-2019-11811
DESCRIPTION:   An issue was discovered in the Linux kernel before 5.0.4. There
is a use-after-free upon attempted read access to /proc/ioports after the
ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c,
drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/160666
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)


CVEID:   CVE-2019-11085
DESCRIPTION:   Insufficient input validation in Kernel Mode Driver in Intel(R)
i915 Graphics for Linux before version 5.0 may allow an authenticated user to
potentially enable escalation of privilege via local access.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161219
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)


CVEID:   CVE-2018-16884
DESCRIPTION:   A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+
shares mounted in different network namespaces at the same time can make
bc_svc_process() use wrong back-channel IDs and cause a use-after-free
vulnerability. Thus a malicious container user can cause a host kernel memory
corruption and a system panic. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/154449
for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H)


CVEID:   CVE-2018-16871
DESCRIPTION:   A flaw was found in the Linux kernel's NFS implementation, all
versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount
an exported NFS filesystem, is able to trigger a null pointer dereference by
using an invalid NFS sequence. This can panic the machine and deny access to
the NFS server. Any outstanding disk writes to the NFS server will be lost.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162047
for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)


CVEID:   CVE-2019-1125
DESCRIPTION:   An information disclosure vulnerability exists when certain
central processing units (CPU) speculatively access memory, aka 'Windows Kernel
Information Disclosure Vulnerability'. This CVE ID is unique from
CVE-2019-1071, CVE-2019-1073.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162990
for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)


Affected Products and Versions

* IBM QRadar 7.3.0 to 7.3.2 Patch 4


Remediation/Fixes

IBM QRadar/QRM/QVM/QRIF/QNI 7.3.2 Patch 5


Change History

06 Nov 2019: Initial Publication

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================