Jan 03, 2024 - 6:19 p.m.

Security Bulletin: Vulnerability in zlib affect OS Image for AIX Systems shipped with IBM Cloud Pak System [CVE-2018-25032]

2024-01-03 18:19:13
www.ibm.com

CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.2 High (Confidence: High)

EPSS: 0.003 Low (Percentile: 68.4%)

Summary

A vulnerability in zlib affects the OS Image for AIX Systems shipped with IBM Cloud Pak System.

Vulnerability Details

CVEID: CVE-2018-25032
**DESCRIPTION:** Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222615 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud Pak System | 2.3.1.1, 2.3.2.0 |
| IBM Cloud Pak System | 2.3.3.7 |
| IBM OS Image for AIX Systems | 7.2 TL5 SP5 |

Remediation/Fixes

A vulnerability in zlib affects the OS Image for AIX Systems. In response to this vulnerability, IBM provides the new IBM Cloud Pak System v2.3.3.7 Interim Fix 1, which updates the OS Image for AIX Systems to OS Image AIX 3.1.2.0 with AIX 7.2 TL5 SP6.

For Cloud Pak System V2.3.1.1, V2.3.2.0 for Power
Upgrade to Cloud Pak System v2.3.3.7 and apply V2.3.3.7 Interim Fix 01 at IBM Fix Central.
Information on upgrading is available here: <https://www.ibm.com/support/pages/node/6982511>

For Cloud Pak System V2.3.3.7 for Power
Apply Cloud Pak System V2.3.3.7 Interim Fix 01 at IBM Fix Central.

Information on upgrading is available at <http://www.ibm.com/support/docview.wss?uid=ibm10887959>

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm cloud_pak_system, Match: 2.3

| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm cloud pak system software | eq | 2.3 |
