IBM5091F138DAFB47C94A86C7EF18FEE02BC2C84C66C39A424090A1A8B8A6B8A9F4Security Bulletin: IBM Tivoli Monitoring Basic Services component. (CVE-2012-6702, CVE-2016-5300)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
Summary
IBM Tivoli Monitoring uses Expat parser for parsing various configuration xml files as well as parsing soap requests.
Vulnerability Details
CVEID: CVE-2012-6702**
DESCRIPTION:** Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, could provide weaker than expected security. An attacker could exploit this vulnerability using attack vectors involving use of the srand function to defeat cryptographic protection mechanisms.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114541> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2016-5300**
DESCRIPTION:** Expat XML parser is vulnerable to a denial of service, caused by the failure to use sufficient entropy for hash initialization. By using a specially-crafted identifiers in an XML document, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114435> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
The basic services module, kbb for IBM Tivoli Monitoring 622 through 622 Fix Pack 9, 623 through 623 Fix Pack 5 and 630 through 630 Fix Pack 7 is affected and is included in the TEMA(ax/gl), TEMS(ms), TEPS(cq) and the User Interface Extensions(ue) components.
For the various configuration xml files used by ITM, if they were to be manipulated with malicious intent by someone with access to your ITM installation, then you could be vulnerable to the CVEβs reported in this bulletin. Configuration files include those for the firewall gateway as well as private situations and audit logging.
For soap server enabling soap security also reduces the risk to just malicious users with ITM access.
Remediation/Fixes
The patches below update the TEMA(ax), TEMS(ms), TEPS(cq) and User Interface(ue) components which are shipped as part of ITM
The technote Upgrading Shared Components for IBM Tivoli Monitoring Agents provides information on updating Shared Libraries.
| Fix | VRMF | How to acquire fix |
|---|---|---|
| 6.3.0-TIV-ITM-FP0007-IV88888 | 6.3.0 | http://www.ibm.com/support/docview.wss?uid=swg24043486 |
| 6.2.3-TIV-ITM-FP0005-IV88888 | 6.2.3 | |
| 6.2.2-TIV-ITM-FP0009-IV88888 | 6.2.2 |
Workarounds and Mitigations
None
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C