IBM62DB70FCF6301104005FF9FB20C71886DC177ADAE354920858B0940C223989CDSecurity Bulletin: Multiple packages as used in IBM Security QRadar Packet Capture are vulnerable to various security issues.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Summary
The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.
Vulnerability Details
CVEID: CVE-2017-5461**
DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an out-ouf-bounds write during Base64 decoding operation in the Network Security Services (NSS) library. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125002> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-3137**
DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by the improper handling of a query response containing CNAME or DNAME resource records in an unusual order. By sending a specially crafted DNS response, a remote attacker could exploit this vulnerability to make named exit unexpectedly with an assertion failure.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124517> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-3136**
DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by the improper handling of query requests when using DNS64 with “break-dnssec yes” option. By sending a specially crafted DNS request, a remote attacker could exploit this vulnerability to make named exit unexpectedly with an assertion failure.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/124516> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-2636**
DESCRIPTION:** Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the n_hdlc Linux kernel driver (drivers/tty/n_hdlc.c). By using a specially-crafted application, an attacker could exploit this vulnerability to gain privileges on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/122898> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-2628**
DESCRIPTION:** cURL could allow a remote attacker to bypass security restrictions, caused by improper use of Negotiate authenticated HTTP connections for subsequent requests. An attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base Score: 4.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125103> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID: CVE-2013-4075**
DESCRIPTION:** Wireshark (formerly Ethereal) is vulnerable to a denial of service, caused by an error in the GMR-1 BCCH dissector. By persuading a victim to open a specially-crafted packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/84821> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVEID: CVE-2016-2107**
DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error when the connection uses an AES CBC cipher and the server support AES-NI. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt traffic.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112854> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVEID: CVE-2015-3813**
DESCRIPTION:** A memory leak in Wireshark could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103256> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-3812**
DESCRIPTION:** A memory leak in X11 dissector in Wireshark could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103257> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-3811**
DESCRIPTION:** Wireshark is vulnerable to a denial of service, caused by an error in the WCP dissector. By persuading a victim to open a specially-crafted packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103258> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVEID: CVE-2016-7910**
DESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the disk_seqf_stop function. By leveraging the execution of a certain stop operation, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119531> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
· QRadar Packet Capture 7.3.0 - 7.3.0 Patch 1
· QRadar Packet Capture Data Node 7.3.0 - 7.3.0 Patch 1
Remediation/Fixes
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm qradar network packet capture software | eq | 7.3 |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C