-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.0043
Security Bulletin: Potential disclosure of information in IBM DataPower
Gateway (CVE-2018-14348)
3 January 2020

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           IBM DataPower Gateway
Publisher:         IBM
Operating System:  Network Appliance
Impact/Access:     Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-14348
Reference:         ESB-2019.4712
                   ESB-2019.2979
                   ESB-2018.2489
                   ESB-2018.2446

Original Bulletin:
   https://www.ibm.com/support/pages/node/1167190
   https://www.ibm.com/support/pages/node/1167202
   https://www.ibm.com/support/pages/node/1167184
   https://www.ibm.com/support/pages/node/1167196

Comment: This bulletin contains four (4) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Potential side-channel cryptographic vulnerabilities in IBM DataPower Gateway

Security Bulletin

Summary

IBM DataPower Gateway is potentially vulnerable to two side-channel attacks
(CVE-2018-0495, CVE-2018-12404)

Vulnerability Details

CVEID: CVE-2018-0495
DESCRIPTION: Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a
memory-cache side-channel attack on ECDSA signatures that can be mitigated
through the use of blinding during the signing process in the
_gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the
Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs
access to either the local machine or a different virtual machine on the same
physical host.
CVSS Base score: 5.1
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/144828 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2018-12404
DESCRIPTION: A cached side channel attack during handshakes using RSA
encryption could allow for the decryption of encrypted content. This is a
variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack)
and affects all NSS versions prior to NSS 3.41.
CVSS Base score: 5.1
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/155087 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

+---------------------+---------------------+
|Affected Product(s)  |Version(s)           |
+---------------------+---------------------+
|IBM DataPower Gateway|2018.4.1.0-2018.4.1.8|
+---------------------+---------------------+
|IBM DataPower Gateway|7.6.0.0-7.6.0.17     |
+---------------------+---------------------+

Remediation/Fixes

+-----------------------+------------+-------+
|Affected Product(s)    |Fix Version |APAR   |
+-----------------------+------------+-------+
|IBM DataPower Gateway  |2018.4.1.9  |IT30949|
+-----------------------+------------+-------+
|IBM DataPower Gateway  |7.6.0.18    |IT30949|
+-----------------------+------------+-------+

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

- -------------------------------------------------------------------------------

Vulnerabilities in SSL in IBM DataPower Gateway

Security Bulletin

Summary

IBM DataPower Gateway has addressed two CVEs relating to SSL: CVE-2019-1559 &
CVE-2018-0734

Vulnerability Details

CVEID: CVE-2019-1559
DESCRIPTION: If an application encounters a fatal protocol error and then
calls SSL_shutdown() twice (once to send a close_notify, and once to receive
one) then OpenSSL can respond differently to the calling application if a 0
byte record is received with invalid padding compared to if a 0 byte record is
received with an invalid MAC. If the application then behaves differently
based on that in a way that is detectable to the remote peer, then this
amounts to a padding oracle that could be used to decrypt data. In order for
this to be exploitable "non-stitched" ciphersuites must be in use. Stitched
ciphersuites are optimised implementations of certain commonly used
ciphersuites. Also the application must call SSL_shutdown() twice even if a
protocol error has occurred (applications should not do this but some do
anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
CVSS Base score: 5.8
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/157514 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)

CVEID: CVE-2018-0734
DESCRIPTION: The OpenSSL DSA signature algorithm has been shown to be
vulnerable to a timing side channel attack. An attacker could use variations
in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a
(Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in
OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
CVSS Base score: 3.7
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/152085 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

+---------------------+--------------------+
|Affected Product(s)  |Version(s)          |
+---------------------+--------------------+
|IBM DataPower Gateway|2018.4.1.-2018.4.1.8|
+---------------------+--------------------+
|IBM DataPower Gateway|7.6.0.0-7.6.0.17    |
+---------------------+--------------------+

Remediation/Fixes

+---------------------+----------------+-------+
|Affected Product     |Fixed in version|APAR   |
+---------------------+----------------+-------+
|IBM DataPower Gateway|7.6.0.18        |IT30948|
+---------------------+----------------+-------+
|IBM DataPower Gateway|2018.4.1.9      |IT30948|
+---------------------+----------------+-------+

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

- -------------------------------------------------------------------------------

IBM DataPower Gateway is potentially vulnerable to two cryptographic
side-channel vulnerabilities in SSL.

Security Bulletin

Summary

Side-channel vulnerabilities in SSL (CVE-2019-1563, CVE-2019-1547) potentially
affect IBM DataPower Gateway

Vulnerability Details

CVEID: CVE-2019-1563
DESCRIPTION: In situations where an attacker receives automated notification
of the success or failure of a decryption attempt an attacker, after sending a
very large number of messages to be decrypted, can recover a CMS/PKCS7
transported encryption key or decrypt any RSA encrypted message that was
encrypted with the public RSA key, using a Bleichenbacher padding oracle
attack. Applications are not affected if they use a certificate together with
the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select
the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected
1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in
OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
CVSS Base score: 3.7
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/167022 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-1547
DESCRIPTION: Normally in OpenSSL EC groups always have a co-factor present and
this is used in side channel resistant code paths. However, in some cases, it
is possible to construct a group using explicit parameters (instead of using a
named curve). In those cases it is possible that such a group does not have
the cofactor present. This can occur even where all the parameters match a
known named curve. If such a curve is used then OpenSSL falls back to non-side
channel resistant code paths which may result in full key recovery during an
ECDSA signature operation. In order to be vulnerable an attacker would have to
have the ability to time the creation of a large number of signatures where
explicit parameters with no co-factor present are in use by an application
using libcrypto. For the avoidance of doubt libssl is not vulnerable because
explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected
1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in
OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
CVSS Base score: 5.5
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/167020 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

+---------------------+---------------------+
|Affected Product(s)  |Version(s)           |
+---------------------+---------------------+
|IBM DataPower Gateway|2018.4.1.0-2018.4.1.8|
+---------------------+---------------------+
|IBM DataPower Gateway|7.6.0.0-7.6.0.17     |
+---------------------+---------------------+

Remediation/Fixes

+---------------------+-----------+-------+
|Affected Product(s)  |Fix Version|APAR   |
+---------------------+-----------+-------+
|IBM DataPower Gateway|2018.4.1.9 |IT30950|
+---------------------+-----------+-------+
|IBM DataPower Gateway|7.6.0.18   |IT30950|
+---------------------+-----------+-------+

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

- -------------------------------------------------------------------------------

Potential disclosure of information in IBM DataPower Gateway (CVE-2018-14348)

Security Bulletin

Summary

IBM DataPower Gateway has addressed CVE 2018-14348

Vulnerability Details

CVEID: CVE-2018-14348
DESCRIPTION: libcgroup up to and including 0.41 creates /var/log/cgred with
mode 0666 regardless of the configured umask, leading to disclosure of
information.
CVSS Base score: 5.3
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/148451 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

+---------------------+---------------------+
|Affected Product(s)  |Version(s)           |
+---------------------+---------------------+
|IBM DataPower Gateway|2018.4.1.0-2018.4.1.8|
+---------------------+---------------------+
|IBM DataPower Gateway|7.6.0.0-7.6.0.17     |
+---------------------+---------------------+

Remediation/Fixes

+---------------------+----------------+-------+
|Affected Product     |Fixed in version|APAR   |
+---------------------+----------------+-------+
|IBM DataPower Gateway|7.6.0.18        |IT30947|
+---------------------+----------------+-------+
|IBM DataPower Gateway|2018.4.1.9      |IT30947|
+---------------------+----------------+-------+

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
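
The CVE-2018-14348 entry above describes a log file created with mode 0666 regardless of the configured umask. The following C program is an added illustration, not code from libcgroup, IBM or AusCERT: it contrasts one way a daemon can end up ignoring the umask with a hardened creation path and an audit check. The weak path (clearing the umask before fopen()) is an assumption, since the bulletin does not describe the libcgroup code; function names and scratch paths are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of path, or -1 on error. */
static int mode_of(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Assumed anti-pattern: the daemon clears the umask while daemonizing, so
 * fopen()'s default creation mode of 0666 is applied unmasked. */
static int create_log_weak(const char *path) {
    umask(0);
    FILE *f = fopen(path, "a");
    if (!f) return -1;
    fclose(f);
    return mode_of(path);
}

/* Hardened: explicit restrictive mode, then fchmod() so the result does not
 * depend on the inherited umask or on a file left by an older release. */
static int create_log_hardened(const char *path) {
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0640);
    if (fd < 0) return -1;
    int rc = fchmod(fd, 0640);
    close(fd);
    return rc == 0 ? mode_of(path) : -1;
}

/* Audit check: nonzero if "other" has any access to the file. */
static int world_accessible(int mode) { return mode >= 0 && (mode & 0007); }

int main(void) {
    char dir[] = "/tmp/cgred-demo-XXXXXX";  /* constructed scratch directory */
    char weak[64], hard[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(weak, sizeof weak, "%s/weak.log", dir);
    snprintf(hard, sizeof hard, "%s/hard.log", dir);
    umask(027);                             /* the administrator's umask */
    int w = create_log_weak(weak);
    int h = create_log_hardened(hard);
    printf("weak=%04o world=%d hardened=%04o world=%d\n",
           w, world_accessible(w), h, world_accessible(h));
    unlink(weak); unlink(hard); rmdir(dir);
    return 0;
}
```
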