Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM00C2F0C266A2DFF8CE00D64022FC5C4061D77B8B810F081F887B87A98B86BB48
HistoryOct 18, 2019 - 3:36 a.m.

Security Bulletin: Multiple vulnerabilities in Open Source Libreswan affect IBM Netezza Host Management

2019-10-1803:36:34
www.ibm.com
13

0.005 Low

EPSS

Percentile

75.4%

JSON

Summary

Open Source Libreswan is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2019-12312 DESCRIPTION: Libreswan is vulnerable to a denial of service, caused by a NULL pointer dereference in the send_v2N_spi_response_from_state function in ikev2_send.c. By sending two IKEv2 packets in 3des_cbc mode, a remote attacker could exploit this vulnerability to cause the pluto IKE daemon to restart.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161562&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-10155 DESCRIPTION: Libreswan could provide weaker than expected security, caused by missing integrity checking in the processing of IKEv1 informational exchange packets. A remote authenticated attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162652&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

  • IBM Netezza Host Management 5.4.7.0 - 5.4.24.0

Remediation/Fixes

To resolve the reported CVEs for Red Hat Enterprise Linux (RHEL) on PureData System for Analytics N3001 and PureData System for Analytics N200x, update to the following IBM Netezza Host Management release:

Product VRMF Remediation/First Fix
IBM Netezza Host Management 5.4.25.0 Link to Fix Central

The Netezza Host Management software contains the latest RHEL updates for the operating systems certified for use on IBM Netezza/PureData System for Analytics appliances. IBM recommends upgrading to the latest Netezza Host Management version to ensure that your hosts have the latest fixes, security changes, and operating system updates. IBM Support can assist you with planning for the Netezza Host Management and operating system upgrades to your appliances.

For more details on IBM Netezza Host Management security patching:
Red Hat Enterprise Linux (RHEL) Security Patching for IBM PureData System for Analytics appliances

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm puredata systemeqany

Related

nessus 12
rosalinux 1
fedora 2
openvas 7
redhat 1
prion 2
ubuntucve 2
debiancve 2
alpinelinux 2
osv 2
mageia 1
cve 2
redhatcve 2
veracode 2
cvelist 2
nvd 2
oraclelinux 1
nessus
nessus
CentOS 8 : libreswan (CESA-2019:3391)
2021-01-29 00:00:00
RHEL 8 : libreswan (RHSA-2019:3391)
2019-11-06 00:00:00
EulerOS 2.0 SP8 : libreswan (EulerOS-SA-2020-1865)
2020-08-28 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1887
2021-07-02 17:16:26
fedora
fedora
[SECURITY] Fedora 30 Update: libreswan-3.29-1.fc30
2019-06-13 01:15:10
[SECURITY] Fedora 29 Update: libreswan-3.29-1.fc29
2019-06-18 21:19:37
openvas
openvas
Fedora Update for libreswan FEDORA-2019-f7fb531958
2019-06-13 00:00:00
Fedora Update for libreswan FEDORA-2019-1bd9cfb718
2019-06-19 00:00:00
Huawei EulerOS: Security Advisory for libreswan (EulerOS-SA-2020-1865)
2020-08-31 00:00:00
redhat
redhat
(RHSA-2019:3391) Low: libreswan security and bug fix update
2019-11-05 17:40:14
prion
prion
Null pointer dereference
2019-05-24 14:29:00
Design/Logic Flaw
2019-06-12 14:29:00
ubuntucve
ubuntucve
CVE-2019-12312
2019-05-24 00:00:00
CVE-2019-10155
2019-06-12 00:00:00
debiancve
debiancve
CVE-2019-12312
2019-05-24 14:29:00
CVE-2019-10155
2019-06-12 14:29:02
alpinelinux
alpinelinux
CVE-2019-12312
2019-05-24 14:29:00
CVE-2019-10155
2019-06-12 14:29:02
osv
osv
CVE-2019-12312
2019-05-24 14:29:00
CVE-2019-10155
2019-06-12 14:29:02
mageia
mageia
Updated libreswan packages fix security vulnerability
2019-07-21 21:17:27
cve
cve
CVE-2019-10155
2019-06-12 14:29:02
CVE-2019-12312
2019-05-24 14:29:00
redhatcve
redhatcve
CVE-2019-12312
2020-03-31 14:15:57
CVE-2019-10155
2020-04-05 23:08:18
veracode
veracode
Denial Of Service (DoS)
2020-04-07 00:43:50
Denial Of Service (DoS)
2019-11-06 00:20:43
cvelist
cvelist
CVE-2019-12312
2019-05-24 13:06:41
CVE-2019-10155
2019-06-12 13:51:01
nvd
nvd
CVE-2019-12312
2019-05-24 14:29:00
CVE-2019-10155
2019-06-12 14:29:02
oraclelinux
oraclelinux
libreswan security and bug fix update
2019-11-14 00:00:00

0.005 Low

EPSS

Percentile

75.4%

JSON
Related for 00C2F0C266A2DFF8CE00D64022FC5C4061D77B8B810F081F887B87A98B86BB48
nessus12rosalinux1fedora2openvas7redhat1prion2ubuntucve2debiancve2alpinelinux2osv2mageia1cve2redhatcve2veracode2cvelist2nvd2oraclelinux1