Security Bulletin: Multiple vulnerabilities in cups, curl, libxfont affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance

2018-06-1722:30:13

www.ibm.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Summary

Multiple vulnerabilities in cups, curl, libxfont affect IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance (CVE-2014-9679, CVE-2015-1158, CVE-2015-1159, CVE-2014-3613, CVE-2014-3707, CVE-2014-8150, CVE-2015-3143, CVE-2015-3148,CVE-2015-1802, CVE-2015-1803, CVE-2015-1804).

Vulnerability Details

CVEID: CVE-2014-9679 DESCRIPTION: CUPS is vulnerable to a buffer overflow, caused by an integer overflow in cupsRasterReadPixels. By persuading a victim to open a specially-crafted raster file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101014> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-1158**
DESCRIPTION:** Apple CUPS could allow a remote attacker to gain elevated privileges on the system, caused by the improper handling of localized strings. By sending specially crafted strings, an attacker could exploit this vulnerability to cause the admin/conf and admin access control lists to fail and gain elevated privileges on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103852> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2015-1159**
DESCRIPTION:** Apple CUPS is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the templating engine. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’‘s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’'s cookie-based authentication credentials.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103853> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-3613 DESCRIPTION: cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the failure to properly detect and reject domain names for IP addresses. An attacker could exploit this vulnerability to send cookies to an incorrect site.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95925> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-3707 DESCRIPTION: cURL/libcURL could allow a remote attacker to obtain sensitive information, caused by an error in the curl_easy_duphandle() function. An attacker could exploit this vulnerability to corrupt heap memory and obtain sensitive information or cause a denial of service.
CVSS Base Score: 6.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/98562> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVEID: CVE-2014-8150 DESCRIPTION: libcURL is vulnerable to CRLF injection, caused by the improper handling of URLs with embedded end-of-line characters. By persuading a victim to click on a specially-crafted URL link using an HTTP proxy, a remote attacker could exploit this vulnerability to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100567> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-3143 DESCRIPTION: libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. By sending a new NTLM-authenticated request, an attacker could exploit this vulnerability to perform unauthorized actions with the privileges of the victim.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102888> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-3148 DESCRIPTION: libcurl and cRUL could allow a remote attacker to bypass security restrictions, caused by improper use of the negotiate authentication method. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions and connect as other users.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102878> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-1802**
DESCRIPTION:** X.Org libXfont could allow a local attacker to gain elevated privileges on the system, caused by an error in bdfReadProperties() in the property count when parsing malicious files. An attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
CVSS Base Score: 7.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101608> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2015-1803**
DESCRIPTION:** X.Org libXfont is vulnerable to a denial of service, caused by an invalid pointer in bdfReadCharacters() when parsing malicious files. A local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 4.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101609> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C)

CVEID: CVE-2015-1804**
DESCRIPTION:** X.Org libXfont could allow a local attacker to gain elevated privileges on the system, caused by an error in bdfReadCharacters() when parsing malicious files. An attacker could exploit this vulnerability to execute arbitrary code on the system with root privileges.
CVSS Base Score: 7.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101610> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Affected Products and Versions

IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance

Remediation/Fixes

If you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact IBM support.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm service agility accelerator for cloudeq2.1
ibm service agility accelerator for cloudeq2.1.0.1
ibm service agility accelerator for cloudeq2.1.0.2
ibm service agility accelerator for cloudeq2.1.0.3

Name	Operator	Version
ibm service agility accelerator for cloud	eq	2.1
ibm service agility accelerator for cloud	eq	2.1.0.1
ibm service agility accelerator for cloud	eq	2.1.0.2
ibm service agility accelerator for cloud	eq	2.1.0.3