History: Mar 29, 2023 - 1:48 a.m.

Security Bulletin: Potential DOS due to weak IPv4 and IPv6 sequence numbers in SAN Volume Controller and Storwize Family (CVE-2011-3188)

www.ibm.com

CVSS2: 6.4
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3: 9.1
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS: 0.016
Percentile: 87.3%

Summary

Potential DOS due to weak IPv4 and IPv6 sequence numbers

Vulnerability Details


CVEID: CVE-2011-3188

DESCRIPTION:

The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.

CVE-2011-3188
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/69392 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products and Versions


IBM SAN Volume Controller
Storwize V7000 for Lenovo
Storwize V5000 for Lenovo
Storwize V3700 for Lenovo
Storwize V3500 for Lenovo

All products affected when running a code level below 7.1.0.0.

Remediation/Fixes


Restrict access to the system’s IP interface, for example using a private network or firewall technology. Only users with access to the IP interface can exploit the vulnerability.
Upgrade to 7.1.0.0 or better.

Workarounds and Mitigations


Upgrade to 7.1.0.0 or better.
