Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM QRadar SIEM and QRadar Incident Forensics.

Summary

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM QRadar SIEM and Incident Forensics. IBM QRadar SIEM and Incident Forensics has addressed the applicable CVEs including the “DROWN: Decrypting RSA with Obsolete and Weakened encryption" vulnerability.

Vulnerability Details

CVEID: CVE-2016-0800

DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions. By using a server that supports SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding oracle, an attacker could exploit this vulnerability to decrypt TLS sessions between clients and non-vulnerable servers. This vulnerability is also known as the DROWN attack.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111139&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2016-0705

DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service.

CVSS Base Score: 3.7

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111140 for the current score

CVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-0797

DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the BN_hex2bn/BN_dec2bn() function. An attacker could exploit this vulnerability using specially crafted data to cause a denial of service.

CVSS Base Score: 3.7

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111142 for the current score

CVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-0702

DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a side-channel attack against a system based on the Intel Sandy-Bridge microarchitecture. An attacker could exploit this vulnerability to recover RSA keys.

CVSS Base Score: 2.9

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111144 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2015-3197

DESCRIPTION: OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by an error related to the negotiation of disabled SSLv2 ciphers by malicious SSL/TLS clients. An attacker could exploit this vulnerability to conduct man-in-the-middle attacks.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/110235&gt; for the current score
CVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

Affected Products and Versions

· IBM QRadar SIEM 7.1.n
· IBM QRadar SIEM and Incident Forensics 7.2.****n

Remediation/Fixes

· IBM QRadar SIEM 7.1 MR2 Patch 12 Interim Fix 03

· IBM QRadar/QRM/QVM/QRIF 7.2.6 Patch 3

Workarounds and Mitigations

None