===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0043
         Security Bulletin: Potential disclosure of information in
                  IBM DataPower Gateway (CVE-2018-14348)
                              3 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM DataPower Gateway
Publisher:         IBM
Operating System:  Network Appliance
Impact/Access:     Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-14348  

Reference:         ESB-2019.4712
                   ESB-2019.2979
                   ESB-2018.2489
                   ESB-2018.2446

Original Bulletin: 
   https://www.ibm.com/support/pages/node/1167190
   https://www.ibm.com/support/pages/node/1167202
   https://www.ibm.com/support/pages/node/1167184
   https://www.ibm.com/support/pages/node/1167196

Comment: This bulletin contains four (4) IBM security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

Potential side-channel cryptographic vulnerabilities in IBM DataPower Gateway

Security Bulletin

Summary

IBM DataPower Gateway is potentially vulnerable to two side-channel attacks
(CVE-2018-0495, CVE-2018-12404)

Vulnerability Details

CVEID: CVE-2018-0495
DESCRIPTION: Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a
memory-cache side-channel attack on ECDSA signatures that can be mitigated
through the use of blinding during the signing process in the
_gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the
Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs
access to either the local machine or a different virtual machine on the same
physical host.
CVSS Base score: 5.1
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/144828 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2018-12404
DESCRIPTION: A cached side channel attack during handshakes using RSA
encryption could allow for the decryption of encrypted content. This is a
variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack)
and affects all NSS versions prior to NSS 3.41.
CVSS Base score: 5.1
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/155087 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

+---------------------+---------------------+
|Affected Product(s)  |Version(s)           |
+---------------------+---------------------+
|IBM DataPower Gateway|2018.4.1.0-2018.4.1.8|
+---------------------+---------------------+
|IBM DataPower Gateway|7.6.0.0-7.6.0.17     |
+---------------------+---------------------+

Remediation/Fixes

+-----------------------+------------+-------+
|Affected Product(s)    |Fix Version |APAR   |
+-----------------------+------------+-------+
|IBM DataPower Gateway  |2018.4.1.9  |IT30949|
+-----------------------+------------+-------+
|IBM DataPower Gateway  |7.6.0.18    |IT30949|
+-----------------------+------------+-------+

Workarounds and Mitigations

None

-------------------------------------------------------------------------------


Vulnerabilities in SSL in IBM DataPower Gateway

Security Bulletin

Summary

IBM DataPower Gateway has addressed two CVEs relating to SSL: CVE-2019-1559 &
CVE-2018-0734

Vulnerability Details

CVEID: CVE-2019-1559
DESCRIPTION: If an application encounters a fatal protocol error and then calls
SSL_shutdown() twice (once to send a close_notify, and once to receive one)
then OpenSSL can respond differently to the calling application if a 0 byte
record is received with invalid padding compared to if a 0 byte record is
received with an invalid MAC. If the application then behaves differently based
on that in a way that is detectable to the remote peer, then this amounts to a
padding oracle that could be used to decrypt data. In order for this to be
exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites
are optimised implementations of certain commonly used ciphersuites. Also the
application must call SSL_shutdown() twice even if a protocol error has
occurred (applications should not do this but some do anyway). Fixed in OpenSSL
1.0.2r (Affected 1.0.2-1.0.2q).
CVSS Base score: 5.8
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/157514 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

CVEID: CVE-2018-0734
DESCRIPTION: The OpenSSL DSA signature algorithm has been shown to be
vulnerable to a timing side channel attack. An attacker could use variations in
the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a
(Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in
OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
CVSS Base score: 3.7
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/152085 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

+---------------------+---------------------+
|Affected Product(s)  |Version(s)           |
+---------------------+---------------------+
|IBM DataPower Gateway|2018.4.1.0-2018.4.1.8|
+---------------------+---------------------+
|IBM DataPower Gateway|7.6.0.0-7.6.0.17     |
+---------------------+---------------------+

Remediation/Fixes

Affected Product      Fixed in version APAR
IBM DataPower Gateway 7.6.0.18         IT30948
IBM DataPower Gateway 2018.4.1.9       IT30948

Workarounds and Mitigations

None

-------------------------------------------------------------------------------

IBM DataPower Gateway is potentially vulnerable to two cryptographic
side-channel vulnerabilities in SSL.

Security Bulletin

Summary

Side-channel vulnerabilities in SSL (CVE-2019-1563, CVE-2019-1547) potentially
affect IBM DataPower Gateway

Vulnerability Details

CVEID: CVE-2019-1563
DESCRIPTION: In situations where an attacker receives automated notification of
the success or failure of a decryption attempt an attacker, after sending a
very large number of messages to be decrypted, can recover a CMS/PKCS7
transported encryption key or decrypt any RSA encrypted message that was
encrypted with the public RSA key, using a Bleichenbacher padding oracle
attack. Applications are not affected if they use a certificate together with
the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the
correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected
1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in
OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
CVSS Base score: 3.7
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/167022 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-1547
DESCRIPTION: Normally in OpenSSL EC groups always have a co-factor present and
this is used in side channel resistant code paths. However, in some cases, it
is possible to construct a group using explicit parameters (instead of using a
named curve). In those cases it is possible that such a group does not have the
cofactor present. This can occur even where all the parameters match a known
named curve. If such a curve is used then OpenSSL falls back to non-side
channel resistant code paths which may result in full key recovery during an
ECDSA signature operation. In order to be vulnerable an attacker would have to
have the ability to time the creation of a large number of signatures where
explicit parameters with no co-factor present are in use by an application
using libcrypto. For the avoidance of doubt libssl is not vulnerable because
explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected
1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in
OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
CVSS Base score: 5.5
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/167020 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

+---------------------+---------------------+
|Affected Product(s)  |Version(s)           |
+---------------------+---------------------+
|IBM DataPower Gateway|2018.4.1.0-2018.4.1.8|
+---------------------+---------------------+
|IBM DataPower Gateway|7.6.0.0-7.6.0.17     |
+---------------------+---------------------+

Remediation/Fixes

+---------------------+-----------+-------+
|Affected Product(s)  |Fix Version|APAR   |
+---------------------+-----------+-------+
|IBM DataPower Gateway|2018.4.1.9 |IT30950|
+---------------------+-----------+-------+
|IBM DataPower Gateway|7.6.0.18   |IT30950|
+---------------------+-----------+-------+

Workarounds and Mitigations

None

-------------------------------------------------------------------------------

Potential disclosure of information in IBM DataPower Gateway (CVE-2018-14348)

Security Bulletin

Summary

IBM DataPower Gateway has addressed CVE-2018-14348

Vulnerability Details

CVEID: CVE-2018-14348
DESCRIPTION: libcgroup up to and including 0.41 creates /var/log/cgred with
mode 0666 regardless of the configured umask, leading to disclosure of
information.
CVSS Base score: 5.3
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/148451 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
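
The failure mode described for CVE-2018-14348, as an added example (not libcgroup or DataPower code): one way a log file ends up 0666 regardless of the configured umask, next to a creation routine whose result does not depend on the umask. The function names, the scratch path under /tmp and the weak pattern itself are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (assumed for illustration): the daemon clears its umask, then
 * fopen() creates the log with the stdio default mode of 0666. */
static int create_log_weak(const char *path) {
    umask(0);                          /* discards the configured umask */
    FILE *f = fopen(path, "a");
    return f ? fclose(f) : -1;
}

/* Hardened pattern: explicit mode at creation, no symlink following, and
 * fchmod() so the result is 0640 whatever the umask or an older file's mode. */
static int create_log_hardened(const char *path) {
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0640);
    if (fd < 0) return -1;
    int rc = fchmod(fd, 0640);
    close(fd);
    return rc;
}

/* Audit check: non-zero if "other" users can read or write the file. */
int world_accessible(int mode) {
    return mode >= 0 && (mode & (S_IROTH | S_IWOTH)) != 0;
}

/* Create a log in a scratch directory under a configured umask of 027 and
 * return the permission bits it ends up with (-1 on error). */
int resulting_mode(int hardened) {
    char dir[] = "/tmp/logmode.XXXXXX", path[64];
    struct stat st;
    int mode = -1;
    umask(027);                        /* the administrator's intended umask */
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/cgred.log", dir);
    if ((hardened ? create_log_hardened(path) : create_log_weak(path)) == 0
        && stat(path, &st) == 0)
        mode = (int)(st.st_mode & 07777);
    unlink(path);
    rmdir(dir);
    return mode;
}

int main(void) {
    printf("weak: %04o  hardened: %04o\n", resulting_mode(0), resulting_mode(1));
}
```

The same world_accessible() test applied to the mode of an existing log file shows whether a file created before the fix still needs its mode tightened.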

Affected Products and Versions

+---------------------+---------------------+
|Affected Product(s)  |Version(s)           |
+---------------------+---------------------+
|IBM DataPower Gateway|2018.4.1.0-2018.4.1.8|
+---------------------+---------------------+
|IBM DataPower Gateway|7.6.0.0-7.6.0.17     |
+---------------------+---------------------+

Remediation/Fixes

Affected Product      Fixed in version APAR
IBM DataPower Gateway 7.6.0.18         IT30947
IBM DataPower Gateway 2018.4.1.9       IT30947

Workarounds and Mitigations

None

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================