Security Bulletin: Multiple vulnerabilities in NTP, Hivex, glibc, libuser, BIND affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary

Multiple vulnerabilities in NTP, Hivex, glibc, libuser, BIND, affect IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance (CVE-2014-9297, CVE-2014-9298, CVE-2014-9273, CVE-2013-7424, CVE-2015-3245, CVE-2015-3246, CVE-2015-5477).

Vulnerability Details

CVEID: CVE-2014-9297**
DESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to conduct spoofing attacks, caused by insufficient entropy in PRNG. An attacker could exploit this vulnerability to spoof the IPv6 address ::1 to bypass ACLs and launch further attacks on the system.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100004 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-9298**
DESCRIPTION:** Network Time Protocol (NTP) Project NTP daemon (ntpd) could allow a remote attacker to obtain sensitive information, caused by the improper validation of the length value in extension field pointers. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100005 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-9273**
DESCRIPTION:** Hivex could allow a local attacker to bypass security restrictions, caused by the failure to properly handle small-sized hive files in lib/handle.c. An attacker could exploit this vulnerability to gain privileges and execute arbitrary code on the system.
CVSS Base Score: 4.4
CVSS Temporal Score: See
<https://exchange.xforce.ibmcloud.com/vulnerabilities/99725&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2013-7424**
DESCRIPTION:** The GNU C Library (glibc) could allow a remote attacker to execute arbitrary code on the system, caused by an invalid free error in the getaddrinfo() function when used with the AI_IDN flag. An attacker able to make an application call this function could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 5.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101073&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-3245**
DESCRIPTION:** libuser is vulnerable to a denial of service, caused by the failure to properly filter out newline characters by the chfn() function within the userhelper utility. A local authenticated attacker could exploit this vulnerability to inject newline characters into the /etc/passwd file and cause a denial of service.
CVSS Base Score: 4.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105022 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-3246**
DESCRIPTION:** libuser could allow a local authenticated attacker to gain elevated privileges on the system, caused by the improper handling of the /etc/passwd file. An attacker could exploit this vulnerability to gain root privileges on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105023 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2015-5477**
DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by an error in the handling of TKEY queries. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause a REQUIRE assertion failure.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105120 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance

Remediation/Fixes

If you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact IBM support.

Workarounds and Mitigations

None