Security Bulletin: Vulnerabilities in OpenSSH affects Power Hardware Management Console

Summary

OpenSSH is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2016-6515**
DESCRIPTION:** OpenSSH is vulnerable to a denial of service, caused by the failure to limit password lengths for password authentication by the auth_password function. A remote attacker could exploit this vulnerability using an overly long string to consume all available CPU resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115911 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-6210**
DESCRIPTION:** OpenSSH could allow a remote attacker to obtain sensitive information, caused by the increased amount of time to calculate SHA256/SHA512 hash than BLOWFISH hash. An attacker could exploit this vulnerability using a covert timing channel to enumerate users on system that runs SSHD.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115128 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-10012**
DESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by improper bounds checking in the shared memory manager. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119831 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-10011**
DESCRIPTION:** OpenSSH could allow a local authenticated attacker to obtain sensitive information, caused by a privilege separation flaw. An attacker could exploit this vulnerability to obtain host private key material and other sensitive information.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119830 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-10009**
DESCRIPTION:** OpenSSH could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the loading of a specially crafted PKCS#11 module across a forwarded agent channel. An attacker could exploit this vulnerability to write files or execute arbitrary code on the system.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119828 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Version

|

CVE list

—|—

Power HMC V8.8.4.0

| CVE-2016-10011, CVE-2016-10009, CVE-2016-6515 and CVE-2016-6210

Power HMC V8.8.5.0

| CVE-2016-10011, CVE-2016-10009, CVE-2016-6515 and CVE-2016-6210

Power HMC V8.8.6.0

| CVE-2016-10011, CVE-2016-10009, CVE-2016-6515, CVE-2016-6210 and CVE-2016-10012

Power HMC V8.8.7.0

| CVE-2016-10011, CVE-2016-10009, CVE-2016-6515, CVE-2016-6210 and CVE-2016-10012

Remediation/Fixes

The following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/&gt;

Product

|

VRMF

|

APAR

|

Remediation/Fix

—|—|—|—

Power HMC

|

V8.8.4.0 SP3

|

MB04104

|

MH01720

Power HMC

|

V8.8.5.0 SP3

|

MB04105

|

MH01721

Power HMC

|

V8.8.6.0 SP2

|

MB04118

|

MH01731

Power HMC

|

V8.8.7.1 ppc

|

MB04114

|

MH01726

Power HMC

|

V8.8.7.1 x86

|

MB04113

|

MH01725

Workarounds and Mitigations

None