Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM265CDFBF45622791D1D4E42A2DF06EBEBC34D26D66133C370423509957E042C2
HistoryJun 16, 2018 - 9:38 p.m.

Security Bulletin: Vulnerabilities in GNU grep utility affect IBM Security Network Protection (CVE-2012-5667, and CVE-2015-1345)

2018-06-1621:38:15
www.ibm.com
10

0.007 Low

EPSS

Percentile

80.8%

JSON

Summary

The grep utility searches through textual input for lines that contain a match to a specified pattern and then prints the matching lines. Security vulnerabilities have been discovered in grep utility used with IBM Security Network Protection.

Vulnerability Details

CVEID: CVE-2015-1345**
DESCRIPTION:** GNU grep is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by an error in kwset.c. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101351 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2012-5667**
DESCRIPTION:** grep is vulnerable to a heap-based buffer overflow, caused by an integer overflow when parsing very long lines. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/80811 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM Security Network Protection 5.2
IBM Security Network Protection 5.3.1
IBM Security Network Protection 5.3.2

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM Security Network Protection | Firmware version 5.2| Download 5.2.0.0-ISS-XGS-All-Models-Hotfix-FP0013 from IBM Fix Central and upload and install via the Fix Packs page of the Local Management Interface.
IBM Security Network Protection| Firmware version 5.3.1| Download Firmware 5.3.1.6 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface.
IBM Security Network Protection| Firmware version 5.3.2| Install Firmware 5.3.2.1 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.

Workarounds and Mitigations

None

Related

oraclelinux 2
openvas 8
nessus 16
redhat 2
veracode 2
amazon 2
ibm 4
centos 2
zdt 2
debiancve 2
prion 2
ubuntucve 2
gentoo 2
nvd 2
cve 2
seebug 1
cvelist 2
packetstorm 1
f5 2
exploitpack 1
archlinux 1
exploitdb 1
oraclelinux
oraclelinux
grep security, bug fix, and enhancement update
2015-07-28 00:00:00
grep security and bug fix update
2015-11-23 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-598)
2015-09-25 00:00:00
Oracle: Security Advisory (ELSA-2015-1447)
2015-10-06 00:00:00
RedHat Update for grep RHSA-2015:1447-01
2015-07-23 00:00:00
nessus
nessus
CentOS 6 : grep (CESA-2015:1447)
2015-07-28 00:00:00
Amazon Linux AMI : grep (ALAS-2015-598)
2015-09-23 00:00:00
RHEL 6 : grep (RHSA-2015:1447)
2015-07-23 00:00:00
redhat
redhat
(RHSA-2015:1447) Low: grep security, bug fix, and enhancement update
2015-07-22 00:00:00
(RHSA-2015:2111) Low: grep security and bug fix update
2015-11-19 14:39:52
veracode
veracode
Denial Of Service (DoS) Through Heap Out-of-Bounds (OOB) Read
2019-05-02 05:41:03
Arbitrary Code Execution
2019-01-15 09:06:47
amazon
amazon
Low: grep
2015-09-22 10:00:00
Low: grep
2016-01-18 11:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in GNU grep affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-1345, CVE-2012-5667)
2018-06-17 22:32:53
Security Bulletin: Grep vulnerabilities affect IBM SmartCloud Entry (CVE-2012-5667)
2020-07-19 00:49:12
Security Bulletin: Vulnerability in GNU Grep affects PowerKVM (CVE-2015-1345)
2018-06-18 01:30:37
centos
centos
grep security update
2015-07-26 14:11:37
grep security update
2015-11-30 19:32:57
zdt
zdt
Grep <2.11 INT overflow, DoS, CMD Execution
2012-12-30 00:00:00
Grep < 2.11 Integer Overflow Crash PoC
2012-12-31 00:00:00
debiancve
debiancve
CVE-2012-5667
2013-01-03 11:54:25
CVE-2015-1345
2015-02-12 16:59:03
prion
prion
Integer overflow
2013-01-03 11:54:00
Out-of-bounds
2015-02-12 16:59:00
ubuntucve
ubuntucve
CVE-2012-5667
2013-01-03 00:00:00
CVE-2015-1345
2015-02-12 00:00:00
gentoo
gentoo
grep: User-assisted execution of arbitrary code
2014-03-26 00:00:00
grep: Denial of service
2015-02-25 00:00:00
nvd
nvd
CVE-2012-5667
2013-01-03 11:54:25
CVE-2015-1345
2015-02-12 16:59:03
cve
cve
CVE-2012-5667
2013-01-03 11:54:25
CVE-2015-1345
2015-02-12 16:59:03
seebug
seebug
Grep < 2.11 Integer Overflow Crash PoC
2014-07-01 00:00:00
cvelist
cvelist
CVE-2012-5667
2013-01-03 11:00:00
CVE-2015-1345
2015-02-12 16:00:00
packetstorm
packetstorm
Grep Integer Overflow
2012-12-31 00:00:00
f5
f5
K69662152 : Grep vulnerability CVE-2012-5667
2017-06-29 00:00:00
K42891424 : Grep vulnerability CVE-2015-1345
2017-06-29 00:00:00
exploitpack
exploitpack
Grep 2.11 - Integer Overflow Crash (PoC)
2012-12-31 00:00:00
archlinux
archlinux
grep: denial of service
2015-03-05 00:00:00
exploitdb
exploitdb
Grep &lt; 2.11 - Integer Overflow Crash (PoC)
2012-12-31 00:00:00

0.007 Low

EPSS

Percentile

80.8%

JSON
Related for 265CDFBF45622791D1D4E42A2DF06EBEBC34D26D66133C370423509957E042C2
oraclelinux2openvas8nessus16redhat2veracode2amazon2ibm4centos2zdt2debiancve2prion2ubuntucve2gentoo2nvd2cve2seebug1cvelist2packetstorm1f52exploitpack1archlinux1exploitdb1