IBM1748AFA7000433ABA1DFBCFA35FF4A982AFCAB7E54694119B5E68B99E5621F8ASecurity Bulletin: Multiple Vulnerabilities in Ubuntu affect IBM Workload Scheduler 9.5
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
Summary
Vulnerabilities CVE-2019-11484, CVE-2019-11485, CVE-2019-11483, CVE-2019-11482 have been found in Ubuntu and potentially affect container images of IBM Workload Scheduler 9.5
Vulnerability Details
CVEID:CVE-2019-11484
**DESCRIPTION:**Ubuntu whoopsie package could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the bson_ensure_space function. By using specially crafted crash reports, an attacker could exploit this vulnerability to execute arbitrary code, obtain sensitive information, or cause a denial of service condition on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/176573 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2019-11485
**DESCRIPTION:**Ubuntu Apport package is vulnerable to a denial of service, caused by the mishandling of lock-file creation. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/176572 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2019-11483
**DESCRIPTION:**Ubuntu Apport package could allow a local authenticated attacker to bypass security restrictions, caused by the mishandling of crash dumps originating from containers. By sending a specially-crafted request, an attacker could exploit this vulnerability to generate a crash report for a privileged process.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/176571 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
CVEID:CVE-2019-11482
**DESCRIPTION:**Ubuntu Apport package could allow a local authenticated attacker to bypass security restrictions, caused by a time of check to time of use (TOCTTOU) flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause core files to be written in arbitrary directories.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/176570 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Affected Products and Versions
IBM Workload Scheduler Distributed 9.5.0 FP01 and earlier
Remediation/Fixes
APAR IJ24525 has been opened to address Ubuntu vulnerabilities affecting IBM Workload Scheduler.
Apar IJ24525 is already included in IBM Workload Scheduler 9.5 FP02, already available on FixCentral.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm workload automation | eq | 9.5 |
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P