Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM1570770E4ADC4A6356C51119AE71857F548B42CA681FCD89E7A01233309FB242
HistoryOct 18, 2019 - 3:36 a.m.

Security Bulletin: Open Source Libvorbis, Patch and Python-paramiko vulnerabilities affect IBM Netezza Host Management

2019-10-1803:36:34
www.ibm.com
10

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

Open Source Libvorbis Patch and Python-paramiko is used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2018-7750
**DESCRIPTION:*Paramiko could allow a remote attacker to bypass security restrictions, caused by improper authentication in the transport.py in the SSH server implementation. An attacker could exploit this vulnerability to bypass the authentication process.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140334&gt; for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2018-1000156
**DESCRIPTION:*GNU Patch could allow a remote attacker to execute arbitrary code on the system, caused by an input validation error when processing patch files. An attacker could exploit this vulnerability using a patch file processed via the patch utility to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141283&gt; for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2018-5146
**DESCRIPTION:*libvorbis, as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory write. By persuading a victim to open a specially-crafted media file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the browser to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140404&gt; for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

  • IBM Netezza Host Management 5.4.5.0 - 5.4.20.0

Remediation/Fixes

To resolve the reported CVEs for Red Hat Enterprise Linux (RHEL) on following platforms :

PureData System for Analytics N3001
PureData System for Analytics N200x

Update to the following IBM Netezza Host Management release :

Product VRMF Remediation / First Fix
IBM Netezza Host Management 5.4.21.0 Link to Fix Central

The Netezza Host Management software contains the latest RHEL updates for the operating systems certified for use on IBM Netezza/PureData System for Analytics appliances. IBM recommends upgrading to the latest Netezza Host Management version to ensure that your hosts have the latest fixes, security changes, and operating system updates. IBM Support can assist you with planning for the Netezza Host Management and operating system upgrades to your appliances.

For more details on IBM Netezza Host Management security patching:

CPENameOperatorVersion
ibm puredata systemeqany

Related

nessus 68
photon 1
ibm 4
debian 3
osv 6
openvas 33
slackware 1
redhat 18
cgr 1
wolfi 1
prion 2
oraclelinux 5
fedora 8
veracode 5
cve 2
mageia 2
redhatcve 2
alpinelinux 2
packetstorm 2
centos 6
cbl_mariner 3
exploitpack 2
suse 3
amazon 3
ubuntucve 2
ubuntu 4
zdt 2
github 1
debiancve 2
android 1
archlinux 1
cloudfoundry 1
checkpoint_advisories 1
zdi 1
nessus
nessus
Photon OS 1.0: Patch PHSA-2018-1.0-0142
2019-02-07 00:00:00
RHEL 7 : patch (RHSA-2018:2091)
2018-06-28 00:00:00
Oracle Linux 6 : patch (ELSA-2018-1199)
2018-04-24 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0142
2018-05-25 00:00:00
ibm
ibm
Security Bulletin: A vulnerability in patch affects PowerKVM
2018-07-07 00:04:20
Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities (patch) vulnerability
2018-12-19 20:15:02
Security Bulletin: A security vulnerability has been identified in paramiko shipped with IBM Cloud Manager with OpenStack (CVE-2018-7750)
2018-08-08 04:13:55
debian
debian
[SECURITY] [DLA 1348-1] patch security update
2018-04-16 11:15:52
[SECURITY] [DSA 4140-1] libvorbis security update
2018-03-16 19:50:51
[SECURITY] [DSA 4140-1] libvorbis security update
2018-03-16 19:50:51
osv
osv
patch - security update
2018-04-16 00:00:00
CVE-2018-7750
2018-03-13 18:29:00
Paramiko not properly checking authentication before processing other requests
2018-07-12 20:29:30
openvas
openvas
CentOS Update for patch CESA-2018:1200 centos7
2018-06-05 00:00:00
Debian: Security Advisory (DLA-1348-1)
2018-04-16 00:00:00
Slackware: Security Advisory (SSA:2018-096-01)
2022-04-21 00:00:00
slackware
slackware
[slackware-security] patch
2018-04-07 00:25:33
redhat
redhat
(RHSA-2018:1199) Important: patch security update
2018-04-23 16:30:19
(RHSA-2018:0591) Critical: python-paramiko security and bug fix update
2018-03-26 14:34:26
(RHSA-2018:1213) Low: python-paramiko security update
2018-04-24 08:55:50
cgr
cgr
CVE-2018-1000156 vulnerabilities
2024-04-27 03:20:18
wolfi
wolfi
CVE-2018-1000156 vulnerabilities
2024-04-27 03:16:47
prion
prion
Authentication flaw
2018-03-13 18:29:00
Design/Logic Flaw
2018-06-11 21:29:00
oraclelinux
oraclelinux
python-paramiko security update
2018-04-12 00:00:00
patch security update
2018-04-23 00:00:00
patch security update
2018-04-23 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: python-paramiko-2.3.2-1.fc27
2018-04-01 03:30:49
[SECURITY] Fedora 28 Update: python-paramiko-2.4.1-1.fc28
2018-03-30 13:35:13
[SECURITY] Fedora 28 Update: patch-2.7.6-4.fc28
2018-05-09 21:28:51
veracode
veracode
Authentication Bypass
2018-03-14 03:11:28
Authentication Bypass
2019-01-15 09:21:17
Arbitrary Code Execution
2019-01-15 09:22:55
cve
cve
CVE-2018-7750
2018-03-13 18:29:00
CVE-2018-5146
2018-06-11 21:29:00
mageia
mageia
Updated python-paramiko packages fix security vulnerability
2018-04-15 16:33:47
Updated libvorbis packages fix security vulnerability
2018-03-19 15:13:14
redhatcve
redhatcve
CVE-2018-7750
2020-04-08 21:02:41
CVE-2018-5146
2018-03-16 17:48:59
alpinelinux
alpinelinux
CVE-2018-7750
2018-03-13 18:29:00
CVE-2018-5146
2018-06-11 21:29:00
packetstorm
packetstorm
Paramiko 2.4.1 Authentication Bypass
2018-10-29 00:00:00
Nutanix AOS And Prism SFTP Authentication Bypass
2018-10-30 00:00:00
centos
centos
patch security update
2018-05-02 12:03:45
patch security update
2018-05-30 18:24:23
python security update
2018-05-02 12:05:32
cbl_mariner
cbl_mariner
CVE-2018-1000156 affecting package patch 2.7.6-9
2024-03-19 17:21:46
CVE-2018-1000156 affecting package patch 2.7.6-7
2020-09-09 06:09:14
CVE-2018-1000156 affecting package patch 2.7.6-8
2022-04-09 06:51:43
exploitpack
exploitpack
Nutanix AOS Prism 5.5.5 (LTS) 5.8.1 (STS) - SFTP Authentication Bypass
2018-10-30 00:00:00
Paramiko 2.4.1 - Authentication Bypass
2018-10-29 00:00:00
suse
suse
Security update for python-paramiko (important)
2018-03-24 00:10:57
Security update for python-paramiko (important)
2018-04-04 18:07:45
Security update for python-paramiko (important)
2018-03-29 18:08:31
amazon
amazon
Critical: python-paramiko
2018-04-05 16:41:00
Critical: libvorbis
2018-03-22 22:02:00
Critical: libvorbis
2018-04-05 15:57:00
ubuntucve
ubuntucve
CVE-2018-7750
2018-03-13 00:00:00
CVE-2018-5146
2018-03-16 00:00:00
ubuntu
ubuntu
Paramiko vulnerability
2018-03-20 00:00:00
Paramiko vulnerability
2018-03-20 00:00:00
Firefox vulnerability
2018-03-16 00:00:00
zdt
zdt
Paramiko 2.4.1 - Authentication Bypass Exploit
2018-10-29 00:00:00
Nutanix AOS & Prism < 5.5.5 (LTS) / < 5.8.1 (STS) SFTP Authentication Bypass Vulnerability
2018-10-30 00:00:00
github
github
Paramiko not properly checking authentication before processing other requests
2018-07-12 20:29:30
debiancve
debiancve
CVE-2018-7750
2018-03-13 18:29:00
CVE-2018-5146
2018-06-11 21:29:00
android
android
CVE-2018-5146
2018-06-01 00:00:00
archlinux
archlinux
[ASA-201803-13] firefox: arbitrary code execution
2018-03-18 00:00:00
cloudfoundry
cloudfoundry
USN-3604-1: libvorbis vulnerability | Cloud Foundry
2018-05-02 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox Vorbis Audio Residue Codebook Out of Bounds Write (CVE-2018-5146)
2018-05-14 00:00:00
zdi
zdi
(Pwn2Own) Mozilla Firefox libvorbis OGG Decoding Out-Of-Bounds Write Remote Code Execution Vulnerability
2018-03-23 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for 1570770E4ADC4A6356C51119AE71857F548B42CA681FCD89E7A01233309FB242
nessus68photon1ibm4debian3osv6openvas33slackware1redhat18cgr1wolfi1prion2oraclelinux5fedora8veracode5cve2mageia2redhatcve2alpinelinux2packetstorm2centos6cbl_mariner3exploitpack2suse3amazon3ubuntucve2ubuntu4zdt2github1debiancve2android1archlinux1cloudfoundry1checkpoint_advisories1zdi1