Jun 18, 2018 - 1:29 a.m.

Security Bulletin: A security vulnerability with ntpd affects IBM Flex System Manager (CVE-2015-1799)

www.ibm.com

CVSS2: 4.3 Medium

Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:A/AC:M/Au:N/C:N/I:P/A:P

Summary

A security vulnerability has been identified in ntpd that is used by IBM Flex System Manager (FSM). This bulletin addresses this vulnerability.

Vulnerability Details

CVEID: CVE-2015-1799
DESCRIPTION: Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by an error when using symmetric key authentication. By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102052 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:A/AC:M/Au:N/C:P/I:P/A:P)

Affected Products and Versions

Flex System Manager 1.1.x.x

Flex System Manager 1.2.0.x

Flex System Manager 1.2.1.x

Flex System Manager 1.3.0.x

Flex System Manager 1.3.1.x

Flex System Manager 1.3.2.x

Flex System Manager 1.3.3.x

Flex System Manager 1.3.4.x

Remediation/Fixes

Product| VRMF| APAR| Remediation
---|---|---|---
Flex System Manager| 1.3.4.x| IT11652| fsmfix1.3.4.0_IT11633_IT11634_IT11652
Flex System Manager| 1.3.3.x| IT11652| fsmfix1.3.3.0_IT11633_IT11634_IT11652
Flex System Manager| 1.3.2.x| IT11652| fsmfix1.3.2.0_IT11633_IT11634_IT11652
Flex System Manager| 1.3.1.x| IT11652| IBM is no longer providing code updates for this release. Update to FSM 1.3.4.0 and follow the appropriate remediation for all vulnerabilities.
Flex System Manager| 1.3.0.x| IT11652| IBM is no longer providing code updates for this release. Update to FSM 1.3.4.0 and follow the appropriate remediation for all vulnerabilities.
Flex System Manager| 1.2.1.x| IT11652| Effective September 30, 2015 IBM has discontinued service for these version/release/modification/fix levels.
Flex System Manager| 1.2.0.x| IT11652| Effective September 30, 2015 IBM has discontinued service for these version/release/modification/fix levels.
Flex System Manager| 1.1.x.x| IT11652| Effective April 30, 2015 IBM has discontinued service for these version/release/modification/fix levels.

Workarounds and Mitigations

None

CPE

Name| Operator| Version
---|---|---
flex system manager node| eq| any
