Published: Jun 17, 2018 - 3:00 p.m.

Security Bulletin: Vulnerability in RC4 stream cipher affects Tivoli Netcool Service Quality Manager (CVE-2015-2808)

Source: www.ibm.com

CVSS v2 base score: 5 (Medium)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Summary

The RC4 “Bar Mitzvah” Attack for SSL/TLS affects Tivoli Netcool Service Quality Manager.

Vulnerability Details

CVEID: CVE-2015-2808
DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentials without requiring an active man-in-the-middle session. Successful exploitation could allow an attacker to retrieve credit card data or other sensitive information. This vulnerability is commonly referred to as "Bar Mitzvah Attack".
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101851 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

This vulnerability affects Tivoli Netcool Service Quality Manager 4.1.4

Remediation/Fixes

IBM has provided patches for all affected versions.
The IBM Java Runtime Environment Technology Edition, Version 5.0 Service Refresh 16 Fix Pack 9 can be downloaded from the IBM Fix Central site:
https://delivery04.dhe.ibm.com/sar/CMA/WSA/0527u/2/j564redist.tar.gz

To install the patch, perform the following procedure on the TNSQM servers:

$ sap stop
$ sapmon stop
$ sapmgr stop
$ cd ${WMCROOT}/java
$ mv jre jre.old
$ gunzip -c <location of patch>/jre564redist.tar.gz | tar -xf -
$ sapmon start
$ sapmgr start
$ sap start
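The procedure above as a checked script. This is an added example, not part of IBM's bulletin or of the product's own tooling. It keeps the bulletin's command order (stop sap, sapmon, sapmgr; replace the JRE; start sapmon, sapmgr, sap) but adds the checks an operator would want: the archive is inspected before any service is stopped, an existing jre.old is never overwritten, a failed extraction restores the previous JRE, and the new JRE's java.security is inspected for RC4 in jdk.tls.disabledAlgorithms. Two assumptions are not stated on the page: that the IBM JRE keeps its policy file at jre/lib/security/java.security, and that the fix disables RC4 through that property. The function names tnsqm_ctl, rc4_disabled, install_jre_patch and make_demo_tree are chosen here, and the demo tree is constructed sample data so the script can be tried on a workstation without TNSQM installed.

```shell
#!/bin/sh
# Added example: the TNSQM JRE replacement from the bulletin, with checks.
# Assumptions (not stated in the bulletin): the JRE policy file lives at
# jre/lib/security/java.security and the fix disables RC4 via the
# jdk.tls.disabledAlgorithms property there. On a real server the first
# argument is ${WMCROOT}; the service commands are the bulletin's own.

# Run a TNSQM control command only if it is installed, so the script can be
# exercised where sap/sapmon/sapmgr do not exist.
tnsqm_ctl() {
    # $1 = sap | sapmon | sapmgr, $2 = start | stop
    if command -v "$1" >/dev/null 2>&1; then
        "$1" "$2"
    else
        echo "skip: $1 $2 (command not installed)" >&2
    fi
}

# Return 0 if the java.security under JRE dir $1 lists RC4 in
# jdk.tls.disabledAlgorithms. Backslash-continued lines are joined first,
# comment lines are dropped, then the property value is searched.
rc4_disabled() {
    sec="$1/lib/security/java.security"
    [ -f "$sec" ] || return 1
    awk '/\\$/ { sub(/\\$/, ""); buf = buf $0; next } { print buf $0; buf = "" }' "$sec" \
      | grep -v '^[[:space:]]*#' \
      | grep '^[[:space:]]*jdk\.tls\.disabledAlgorithms[[:space:]]*=' \
      | grep -q 'RC4'
}

# $1 = TNSQM root (${WMCROOT}), $2 = path to the patch tarball
install_jre_patch() {
    root="$1"; tarball="$2"
    [ -d "$root/java/jre" ] || { echo "no JRE under $root/java" >&2; return 1; }
    [ -f "$tarball" ] || { echo "patch archive $tarball not found" >&2; return 1; }
    if [ -e "$root/java/jre.old" ]; then
        echo "$root/java/jre.old exists; move the previous backup aside first" >&2
        return 1
    fi
    # Look inside the archive before stopping anything: it must carry a JRE.
    if ! gunzip -c "$tarball" | tar -tf - | grep -q '^jre/bin/java$'; then
        echo "$tarball does not contain jre/bin/java" >&2
        return 1
    fi

    # Same stop order as the bulletin.
    tnsqm_ctl sap stop
    tnsqm_ctl sapmon stop
    tnsqm_ctl sapmgr stop

    mv "$root/java/jre" "$root/java/jre.old"
    # tar -C is not POSIX but GNU and BSD tar both accept it.
    if ! gunzip -c "$tarball" | tar -C "$root/java" -xf -; then
        echo "extraction failed, restoring previous JRE" >&2
        rm -rf "$root/java/jre"
        mv "$root/java/jre.old" "$root/java/jre"
        return 1
    fi

    # Same start order as the bulletin.
    tnsqm_ctl sapmon start
    tnsqm_ctl sapmgr start
    tnsqm_ctl sap start

    if rc4_disabled "$root/java/jre"; then
        echo "RC4 is listed in jdk.tls.disabledAlgorithms of the new JRE"
    else
        echo "warning: new JRE does not disable RC4 in java.security" >&2
    fi
    return 0
}

# Constructed sample layout (not real IBM files): an "old" JRE under
# DIR/root/java and a patch archive whose java.security disables RC4 on a
# continuation line, so the join logic in rc4_disabled is exercised.
make_demo_tree() {
    dir="$1"
    mkdir -p "$dir/root/java/jre/bin" "$dir/stage/jre/bin" "$dir/stage/jre/lib/security"
    echo old > "$dir/root/java/jre/bin/java"
    echo new > "$dir/stage/jre/bin/java"
    printf 'jdk.tls.disabledAlgorithms=SSLv3, \\\n    RC4, MD5withRSA\n' \
        > "$dir/stage/jre/lib/security/java.security"
    (cd "$dir/stage" && tar -cf - jre) | gzip -c > "$dir/jre564redist.tar.gz"
}

# Usage: sh patch_jre.sh --demo   (runs the whole procedure on the sample tree)
if [ "${1:-}" = "--demo" ]; then
    demo=$(mktemp -d)
    make_demo_tree "$demo"
    install_jre_patch "$demo/root" "$demo/jre564redist.tar.gz"
fi
```

On a real server the call is install_jre_patch "$WMCROOT" /path/to/jre564redist.tar.gz, run as the user that owns the TNSQM installation. The rc4_disabled check is a configuration inspection, not a live test of the listener: after the services are back up, confirming with a TLS client that no RC4 suite is negotiated is the complementary check.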

Workarounds and Mitigations

None

