Lucene search

K
ibmIBM5F20CB0ABD9FD431023288D4D43D22E2F83B28FCEFF033F4FFEE3443729BE800
HistoryJun 17, 2018 - 3:15 p.m.

Security Bulletin: Vulnerabilities in OpenSSH affect IBM MessageSight (CVE-2016-0777, CVE-2016-0778)

2018-06-1715:15:58
www.ibm.com
14

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

Summary

An information leak flaw and buffer overflow flaw in the way the OpenSSH client roaming feature was implemented affects IBM MessageSight.

Vulnerability Details

CVEID: CVE-2016-0777

DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by a client information leak from using the roaming connection feature. By persuading a victim to connect to a malicious server, an attacker could exploit this vulnerability to retrieve private cryptographic keys or other sensitive information.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109635 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-0778

DESCRIPTION: OpenSSH is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the packet_write_wait() and ssh_packet_write_wait() API functions when two non-default options: a ProxyCommand and either ForwardAgent or ForwardX11 are used. By persuading a victim to connect to a malicious server, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109636 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM MessageSight 1.2.0.3 and below

Remediation/Fixes

Product

|
VRMF|
APAR|
Remediation/First Fix
—|—|—|—
IBM MessageSight| 1.1| IT13410| 1.1.0.1-IBM-IMA-IFIT13410

IBM MessageSight|
1.2|
IT13392|
1.2.0.3-IBM-IMA-IFIT13392

After applying fix, IBM recommends that you regenerate your SSH keys as a precaution.

CPENameOperatorVersion
ibm messagesighteq1.1
ibm messagesighteq1.2

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

Related for 5F20CB0ABD9FD431023288D4D43D22E2F83B28FCEFF033F4FFEE3443729BE800