Security Bulletin: Docker and Python as used in IBM QRadar SIEM is vulnerable to various CVEs.

Summary

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2016-3697**
DESCRIPTION:** Docker could allow a local attacker to gain elevated privileges on the system, caused by an error in libcontainer/user/user.go. By using a numeric username in the password file in a container, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113791 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-3631**
DESCRIPTION:** Docker could allow a remote attacker to bypass security restrictions, caused by the configuration of volume mounts to override files of /proc within a mount namespace. An attacker could exploit this vulnerability using specially-crafted images to specify arbitrary policies for Linux Security Modules.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103094 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-3630**
DESCRIPTION:** Docker could allow a remote attacker to obtain sensitive information, caused by multiple read/write proc paths being writable from containers. An attacker could exploit this vulnerability to modify the host and obtain sensitive information.
CVSS Base Score: 5.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103093 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVEID: CVE-2015-3627**
DESCRIPTION:** A symlink vulnerability in Libcontainer and Docker Engine regarding the file-descriptor being opened prior to performing the chroot could allow a local attacker to gain elevated privileges on the system. An attacker could exploit this vulnerability using a specially crafted Dockerfile or image to gain elevated privileges on the system.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/103092 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-1843**
DESCRIPTION:** Red Hat docker package is vulnerable to a man-in-the-middle attack, caused by the use of the --add-registry option. A remote attacker could exploit this vulnerability to perform downgrade attacks to obtain authentication and image data to conduct man-in-the-middle attacks.
CVSS Base Score: 5.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102670 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-1912**
DESCRIPTION:** Python is vulnerable to a buffer overflow, caused by improper bounds checking by sock_recvfrom_into() function. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/90931 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Products and Versions

· IBM QRadar 7.2.0 - 7.2.8 Patch 6

Remediation/Fixes

· IBM QRadar/QRM/QVM/QRIF 7.2.8 Patch 7

Workarounds and Mitigations

None