IBM3CF3C789E67BC4BED4E00BAB92CFDEBBACDE7238E903B67252519FD7D01B4413Security Bulletin: Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX affect IBM Spectrum Protect Plus
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.297 Low
EPSS
Percentile
96.4%
Summary
Vulnerabilities in the Linux Kernel, Docker, Python, and NGINX such as directory traversal, execution of arbitrary commands, obtaining sensitive information, elevated privileges, bypassing security restrictions, and denial of service, may affect IBM Spectrum Protect Plus.
Vulnerability Details
CVEID:CVE-2020-28374
**DESCRIPTION:**Linux Kernel could allow a remote authenticated attacker to traverse directories on the system, caused by insufficient identifier checking in the LIO SCSI target code. An attacker could send a specially-crafted URL request to drivers/target/target_core_xcopy.c containing directory traversal sequences in an XCOPY request to read or write files to any LIO backstore.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194620 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
CVEID:CVE-2021-41092
**DESCRIPTION:**Docker CLI could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when running “docker login my-private-registry.example.com” command with a misconfigured configuration file. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/210712 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N)
CVEID:CVE-2021-27365
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an issue when certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. By sending a specially-crafted Netlink message, an attacker could exploit this vulnerability to obtain memory information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197859 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2021-27364
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the iscsi_if_recv_msg function in drivers/scsi/scsi_transport_iscsi.c. By sending specially-crafted Netlink messages, an attacker could exploit this vulnerability to connect to the iscsi NETLINK socket and send arbitrary commands to the kernel.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197858 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2021-27363
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a kernel pointer leak when show_transport_handle function in drivers/scsi/scsi_transport_iscsi.c is called. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain the address of the iscsi_transport structure information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197857 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2021-3347
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a kernel stack use-after-free during fault handling in PI futexes. An attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the kernel.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195798 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2020-25705
**DESCRIPTION:**Linux Kernel could allow a remote attacker to bypass security restrictions, caused by a flaw in the way reply ICMP packets are limited. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass source port UDP randomization to scan open UDP ports.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191785 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVEID:CVE-2021-20265
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a flaw in the unix_stream_recvmsg function when a signal was pending. By sending a specially-crafted request, a local attacker could exploit this vulnerability to exhaust available memory.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197998 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2020-29661
**DESCRIPTION:**Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a locking inconsistency issue in the tty subsystem in drivers/tty/tty_jobctrl.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192874 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2021-23017
**DESCRIPTION:**NGINX could allow a remote attacker to execute arbitrary code on the system, caused by an off-by-one error in ngx_resolver_copy() while processing DNS responses. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202450 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2021-22555
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a heap out-of-bounds write flaw in net/netfilter/x_tables.c. By sending a specially-crafted request through user name space, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204997 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2020-27835
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the infiniband hfi1 driver. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194430 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID:CVE-2021-3426
**DESCRIPTION:**Python pydoc module could allow a remote attacker from within the local network obtain sensitive information. By starting the pydoc server, an attacker could exploit this vulnerability to extract arbitrary files.
CVSS Base score: 5.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201171 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2021-33909
**DESCRIPTION:**Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write in fs/seq_file.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges to root.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205906 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Protect Plus | 10.1.0.0-10.1.8.x |
Remediation/Fixes
| IBM Spectrum Protect Plus Release | First Fixing VRM Level | Platform | Link to Fix |
|---|---|---|---|
| 10.1 | 10.1.9 | Linux | <https://www.ibm.com/support/pages/node/6487159> |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm spectrum protect plus | eq | 10.1 |
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.297 Low
EPSS
Percentile
96.4%