===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0936
   Security Bulletin: Multiple Security Vulnerabilities have been fixed in
     the IBM Security Access Manager and IBM Security Verify Access
                                  appliances.
                               17 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Security Access Manager Appliance
Publisher:         IBM
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-17498 CVE-2019-15903 CVE-2019-14834
                   CVE-2019-5482 CVE-2018-20843 CVE-2017-12652
Reference:         ESB-2021.0931
                   ESB-2021.0386

Original Bulletin:
   https://www.ibm.com/support/pages/node/6430709

--------------------------BEGIN INCLUDED TEXT--------------------

Multiple Security Vulnerabilities have been fixed in the IBM Security Access
Manager and IBM Security Verify Access appliances.

Document Information

Document number    : 6430709
Modified date      : 16 March 2021
Product            : IBM Security Access Manager Appliance
Software version   : 9.0.7.2
Operating system(s): Platform Independent

Summary

Multiple Security Vulnerabilities have been fixed in both the IBM Security
Access Manager and IBM Security Verify Access appliances.

Vulnerability Details

CVEID: CVE-2019-17498
DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an
out-of-bounds read when connecting to a malicious SSH server that sends a
disconnect message. A remote attacker could exploit this vulnerability to
cause a denial of service or obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/169461 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID: CVE-2018-20843
DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an
error in the XML parser. By persuading a victim to open a specially-crafted
file, a remote attacker could exploit this vulnerability to consume all
available CPU resources.
CVSS Base score: 3.3
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/163073 for the current
score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-15903
DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a
heap-based buffer over-read in XML_GetCurrentLineNumber. By using a
specially-crafted XML input, a remote attacker could exploit this
vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/166560 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-12652
DESCRIPTION: An unspecified error with improper validation of the length of
chunks against the user limit in libpng has an unknown impact and attack
vector.
CVSS Base score: 5.3
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/163589 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2019-14834
DESCRIPTION: dnsmasq is vulnerable to a denial of service, caused by a
memory leak in the create_helper() function in /src/helper.c. By sending a
specially crafted request, a remote attacker could exploit this
vulnerability to cause the service to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/174256 for the current
score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-5482
DESCRIPTION: cURL libcurl is vulnerable to a heap-based buffer overflow,
caused by improper bounds checking by the tftp_receive_packet function. By
sending a specially-crafted request containing an OACK without the BLKSIZE
option, a remote attacker could overflow a buffer and execute arbitrary code
on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/166942 for the current
score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

+--------------------------+----------+
|Affected Product(s)       |Version(s)|
+--------------------------+----------+
|ISAM                      |9.0       |
+--------------------------+----------+
|IBM Security Verify Access|10.0.0    |
+--------------------------+----------+

Remediation/Fixes

+------------------------+----------+-------+---------------------------------+
|Affected Product        |Fixed VRMF|APAR   |Fix Availability                 |
+------------------------+----------+-------+---------------------------------+
|IBM Security Access     |9.0.7.2   |IJ30635|interim fix:                     |
|Manager                 |IF1       |       |9.0.7.2-ISS-ISAM-IF0001          |
+------------------------+----------+-------+---------------------------------+
|IBM Security Verify     |10.0.2.0  |IJ30635|interim fix:                     |
|Access                  |IF1       |       |10.0.1.0-ISS-ISVA-IF0001         |
+------------------------+----------+-------+---------------------------------+

Workarounds and Mitigations

None

Change History

16 Mar 2021: Initial Publication

Document Location

Worldwide

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no responsibility
for consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================