Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Manager (FSM)

Summary

Multiple vulnerabilities have been identified in openSSH that is embedded in the IBM FSM. This fix addresses these vulnerabilities

Vulnerability Details

CVEID: CVE-2015-5352**
DESCRIPTION:** OpenSSH could allow a remote authenticated attacker to bypass security restrictions, caused by an error when making connections after ForwardX11Timeout expired. If X11 connections are forwarded with ForwardX11Trusted=no, an attacker could exploit this vulnerability to bypass XSECURITY restrictions.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104418 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-6563**
DESCRIPTION:** OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105881 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-6564**
DESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105882 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-3115**
DESCRIPTION:** OpenSSH could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied X11 authentication credentials by the sshd server. By sending specially crafted X11 credential data, an attacker could exploit this vulnerability to inject xauth commands and execute arbitrary commands on the system with the privileges of the victim.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111431 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-1908**
DESCRIPTION:** OpenSSH could allow a remote authenticated attacker to bypass security restrictions, caused by the improper handling of errors when generating authentication cookies for untrusted X11 forwarding. An attacker could exploit this vulnerability to gain access to the target local X server.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110030 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Flex System Manager 1.3.4.x
Flex System Manager 1.3.3.x
Flex System Manager 1.3.2.x

Remediation/Fixes

IBM recommends updating the FSM using the instructions referenced in this table.

Product |

VRMF |

APAR |

Remediation
—|—|—|—
Flex System Manager|

1.3.4.x |

IT16775

| Install fsmfix1.3.4.0_IT16775.
Flex System Manager|

1.3.3.x |

IT16775

| Install fsmfix1.3.3.0_IT16775.
Flex System Manager|

1.3.2.x |

IT16775

| Install fsmfix1.3.2.0_IT16775.

For a complete list of FSM security bulletins refer to this technote: http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex--NULL--E

For 1.1.x.x, 1.2.x.x, 1.3.0.x and 1.3.1.x IBM recommends upgrading to a fixed, supported version/release of the product.

Workarounds and Mitigations

None