Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900

2023-02-1801:45:50

www.ibm.com

openssh

ibm flashsystem 840

flashsystem 900

vulnerabilities

cve-2015-6563

cve-2015-6564

remote attacker

impersonation attack

elevated privileges

code fixes

ibm fix central

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

Percentile

10.1%

JSON

Summary

There are vulnerabilities in OpenSSH to which the IBM® FlashSystem™ 840 and FlashSystem 900 are susceptible. An exploit of these vulnerabilities (CVE-2015-6563 and CVE-2015-6564) could allow a remote attacker to bypass security restrictions to gain elevated privileges or conduct an impersonation attack.

Vulnerability Details

CVEID: CVE-2015-6563 DESCRIPTION: OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105881 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-6564 DESCRIPTION: OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105882 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

· FlashSystem 840 affected Machine Type Models (MTMs) include:
o 9840-AE1 and 9843-AE1

· FlashSystem 900 affected MTMs include:
o 9840-AE2 and 9843-AE2

· Code versions affected, for both FlashSystem 840 & 900, include supported VRMFs:
o 1.3.0.0 – 1.3.0.6

· Code streams NOT affected:
o 1.4 stream was NOT affected

Remediation/Fixes

MTMs

FlashSystem 900 MTMs:
9840-AE2 &
9843-AE2| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream:

___Fixed code VRMF __
1.3 stream: 1.3.0.7| _ _N/A| FlashSystem 840 fixes****and FlashSystem 900 fixes****are available @ IBM’s Fix Central