Operating System: [Appliance]

Published: 23 November 2022

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.6112
        Security Bulletin: IBM QRadar Network Security is affected
                       by multiple vulnerabilities.
                             23 November 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM QRadar
Publisher:         IBM
Operating System:  Network Appliance
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-22942 CVE-2022-1271 CVE-2021-43527
                   CVE-2021-4155 CVE-2021-3573 CVE-2021-3347
                   CVE-2021-0920 CVE-2020-35513 CVE-2020-25643
                   CVE-2020-25212 CVE-2020-24394 CVE-2020-15436
                   CVE-2020-14385 CVE-2020-14331 CVE-2020-14314
                   CVE-2020-10942 CVE-2020-10769 CVE-2020-8648
                   CVE-2020-0466 CVE-2020-0465 CVE-2019-20811
                   CVE-2019-18282 CVE-2018-25032 

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6840945

Comment: CVSS (Max):  9.8 CVE-2021-43527 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: IBM
         Calculator:  https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

IBM QRadar Network Security is affected by multiple vulnerabilities.

Document Information

Document number    : 6840945
Modified date      : 22 November 2022
Product            : IBM QRadar Network Security
Software version   : 5.4.0.17, 5.5.0.12
Operating system(s): Firmware

Summary

IBM QRadar Network Security has addressed the following vulnerabilities by
updating the associated components. (CVE-2022-1271, CVE-2019-18282,
CVE-2019-20811, CVE-2020-0465, CVE-2020-0466, CVE-2020-10769, CVE-2020-10942,
CVE-2020-14314, CVE-2020-14331, CVE-2020-14385, CVE-2020-15436, CVE-2020-24394,
CVE-2020-25212, CVE-2020-25643, CVE-2020-35513, CVE-2020-8648, CVE-2021-0920,
CVE-2021-3347, CVE-2021-3573, CVE-2021-4155, CVE-2022-22942, CVE-2021-43527,
CVE-2018-25032)

Vulnerability Details

CVEID: CVE-2018-25032
DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory
corruption in the deflate operation. By using many distant matches, a remote
attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222615 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2022-1271
DESCRIPTION: GNU gzip could allow a remote authenticated attacker to bypass
security restrictions, caused by improper validation of file name by the zgrep
utility. By using a specially-crafted file name, an attacker could exploit this
vulnerability to write arbitrary files on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223754 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-18282
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive
information, caused by a device tracking vulnerability in the flow_dissector
feature. By sending a specially crafted request, an attacker could exploit this
vulnerability to obtain sensitive information and then use this information to
launch further attacks against the affected system.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174716 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-20811
DESCRIPTION: Linux Kernel could provide weaker than expected security, caused
by mishandling of reference count in the rx_queue_add_kobject() and
netdev_queue_add_kobject() in net/core/net-sysfs.c. A local attacker could
exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183253 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2020-0465
DESCRIPTION: Google Android could allow a local attacker to gain elevated
privileges on the system, caused by an out-of-bounds write in various methods
of hid-multitouch.c. By executing a specially-crafted program, an attacker
could exploit this vulnerability to escalate privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193398 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-0466
DESCRIPTION: Google Android could allow a local attacker to gain elevated
privileges on the system, caused by a logic error in do_epoll_ctl and
ep_loop_check_proc of eventpoll.c. By executing a specially-crafted program, an
attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/193397 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-10769
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
buffer over-read in the crypto_authenc_extractkeys function in
crypto/authenc.c. By sending a specially-crafted request, a local authenticated
attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183857 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-10942
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by
improper validation of an sk_family field by the get_raw_socket function in
drivers/vhost/net.c. By sending specially-crafted system calls, a local
attacker could exploit this vulnerability to cause a kernel stack corruption
resulting in a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178539 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-14314
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
memory out-of-bounds read flaw. By sending a specially crafted request, a local
attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188395 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-14331
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain
elevated privileges on the system, caused by an out-of-bounds write flaw in the
implementation of the invert video code on VGA consoles. By sending a
specially-crafted request to resize the console, an authenticated attacker
could exploit this vulnerability to gain elevated privileges or crash the
system.
CVSS Base score: 6.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185987 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-14385
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
failure of the file system metadata validator in XFS. By sending a specially
crafted request, a local attacker could exploit this vulnerability to cause the
system to shut down.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188394 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-15436
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain
elevated privileges on the system, caused by a use-after-free flaw in
fs/block_dev.c. By sending a specially-crafted request, an authenticated attacker
could exploit this vulnerability to gain elevated privileges, or cause a denial
of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192171 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-24394
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to bypass
security restrictions, caused by the lack of ACL support to the filesystems in
fs/nfsd/vfs.c (in the NFS server). By sending a specially-crafted request, an
attacker could exploit this vulnerability to set incorrect permissions on new
filesystem objects.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186968 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2020-25212
DESCRIPTION: Linux Kernel could allow a local attacker to execute arbitrary
code on the system, caused by a TOCTOU mismatch in the NFS client code. By
sending a specially crafted request, an attacker could exploit this
vulnerability to execute arbitrary code or corrupt memory.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188137 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2020-25643
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
memory corruption and read overflow flaws in the ppp_cp_parse_cr function in
the HDLC_PPP module. By sending a specially-crafted request, a local attacker
could exploit this vulnerability to cause the system to crash or a denial of
service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189415 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-35513
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
flaw involving an incorrect umask during file or directory modification in the NFS
(network file system) function. By sending a specially-crafted request, a local
authenticated attacker could exploit this vulnerability to cause a denial of
service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195545 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2020-8648
DESCRIPTION: Linux kernel could allow a remote attacker to obtain sensitive
information, caused by a use-after-free in the n_tty_receive_buf_common
function of drivers/tty/n_tty.c. An attacker could exploit this vulnerability
to read memory that should not be available for access.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175843 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2021-0920
DESCRIPTION: Google Android could allow a local attacker to gain elevated
privileges on the system, caused by a use-after-free flaw due to a race
condition in unix_scm_to_skb of af_unix.c. By executing a specially-crafted
program, an attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215673 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-3347
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain
elevated privileges on the system, caused by a kernel stack use-after-free
during fault handling in PI futexes. An attacker could exploit this
vulnerability to gain elevated privileges and execute arbitrary code in the
kernel.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195798 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-3573
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
use-after-free flaw in the hci_sock_bound_ioctl function. By sending a
specially-crafted request, a local attacker could exploit this vulnerability to
cause the kernel to crash.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203249 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-4155
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain
sensitive information, caused by a data leak flaw in the way the
XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allows a size increase of files
with an unaligned size. By sending a specially-crafted request, an attacker could
exploit this vulnerability to obtain sensitive information on the XFS
filesystem, and use this information to launch further attacks against the
affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216919 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2022-22942
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain
sensitive information, caused by improper file descriptor handling in the
vmwgfx driver. By sending a specially-crafted ioctl call, an attacker could
exploit this vulnerability to gain access to files opened by other processes on
the system, and use this information to launch further attacks against the
affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218323 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2021-43527
DESCRIPTION: Mozilla Network Security Services (NSS), as used in Mozilla
Firefox, is vulnerable to a heap-based buffer overflow, caused by improper
bounds checking when handling DER-encoded DSA or RSA-PSS signatures. By sending
an overly long signature, a remote attacker could overflow a buffer and execute
arbitrary code on the system or cause the application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/214347 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

+---------------------------+------------+
|Affected Product(s)        |Version(s)  |
+---------------------------+------------+
|IBM QRadar Network Security|5.4.0, 5.5.0|
+---------------------------+------------+

Remediation/Fixes

IBM strongly encourages customers to update their systems promptly.

+------------+-----+----------------------------------------------------------+
|Product     |VRMF |Remediation/First Fix                                     |
+------------+-----+----------------------------------------------------------+
|IBM QRadar  |5.4.0|Install Firmware 5.4.0.17 from the Available Updates page |
|Network     |     |of the Local Management Interface, or by performing a One |
|Security    |     |Time Scheduled Installation from SiteProtector.           |
|            |     |Or                                                        |
|            |     |Download Firmware 5.4.0.17 from IBM Security License Key  |
|            |     |and Download Center and upload and install via the        |
|            |     |Available Updates page of the Local Management Interface. |
+------------+-----+----------------------------------------------------------+
|IBM QRadar  |5.5.0|Install Firmware 5.5.0.12 from the Available Updates page |
|Network     |     |of the Local Management Interface, or by performing a One |
|Security    |     |Time Scheduled Installation from SiteProtector.           |
|            |     |Or                                                        |
|            |     |Download Firmware 5.5.0.12 from IBM Security License Key  |
|            |     |and Download Center and upload and install via the        |
|            |     |Available Updates page of the Local Management Interface. |
+------------+-----+----------------------------------------------------------+

Workarounds and Mitigations

None

Change History

22 Nov 2022: Initial Publication

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================