Lucene search

K
ibmIBM517F68A1A4505BFD99AC0D3CE51F5650B6671F17529E33311FB8E9B767D81FB8
HistoryJun 18, 2018 - 12:10 a.m.

Security Bulletin: Vulnerabilities in OpenSSH affect IBM XIV Gen2 (CVE-2016-0777, CVE-2016-0778)

2018-06-1800:10:44
www.ibm.com
5

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

Summary

An information leak flaw and buffer overflow flaw in the way the OpenSSH client roaming feature was implemented affects IBM XIV Gen2.

Vulnerability Details

CVEID: CVE-2016-0777
DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by a client information leak from using the roaming connection feature. By persuading a victim to connect to a malicious server, an attacker could exploit this vulnerability to retrieve private cryptographic keys or other sensitive information.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109635 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-0778
DESCRIPTION: OpenSSH is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the packet_write_wait() and ssh_packet_write_wait() API functions when two non-default options: a ProxyCommand and either ForwardAgent or ForwardX11are used. By persuading a victim to connect to a malicious server, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109636 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM XIV Gen2 systems running microcode versions 10.0 or later are affected.

Remediation/Fixes

Applying a non-disruptive patch that fixes this issue is available for versions 10.2.4.e-5 and 10.2.4.e-8. The application of this patch can be done via remote connection and would take about 5 minutes to be completed.

For versions other than 10.2.4.e-5 and 10.2.4.e-8, IBM recommends upgrading to a fixed, supported version of the product.

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P