Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM743DC93C2E4EF47CECE36F8B7C060480B640A7FAA0F558539F5D22DEB5ACF3B7
HistoryJun 18, 2018 - 12:32 a.m.

Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem model V840

2018-06-1800:32:32
www.ibm.com
20

EPSS

0

Percentile

10.1%

JSON

Summary

There are vulnerabilities in OpenSSH to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities (CVE-2015-6563 and CVE-2015-6564) could allow a remote attacker to bypass security restrictions to gain elevated privileges or conduct an impersonation attack.

Vulnerability Details

CVEID: CVE-2015-6563 DESCRIPTION: OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105881 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2015-6564 DESCRIPTION: OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105882 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

**Affected Products and Versions of FlashSystem V840’s two node types **
Storage Node
· Machine Type Models (MTMs) affected include 9846-AE1 and 9848-AE1
· Code versions affected include supported VRMFs:
o 1.3.0.0 – 1.3.0.6
· Code streams NOT affected:
o 1.4 stream

_Controller Node _
· MTMs affected include 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1
· Code streams NOT affected:
· 7.6, 7.7, and 7.8 code streams were NOT affected

Remediation/Fixes

V840 MTMs

| VRMF| APAR| Remediation/First Fix
—|—|—|—
Storage nodes:
9846-AE1 &
9848-AE1| _Code fixes are now available, the minimum VRMF containing the fix depends on the code stream:

___Storage Node VRMF __
1.3 stream: 1.3.0.7| _ _N/A| FlashSystem V840 fixes**for storage and controller node **are available @ IBM’s Fix Central

Workarounds and Mitigations

None

Related

f5 2
ibm 12
nessus 28
amazon 2
openvas 14
aix 2
redhat 2
altlinux 2
fedora 1
freebsd 1
centos 2
oraclelinux 2
suse 1
debiancve 2
veracode 2
cve 2
prion 2
gentoo 1
cvelist 2
nvd 2
ubuntucve 2
symantec 1
debian 1
osv 1
rosalinux 1
ics 1
securityvulns 2
f5
f5
K17263 : OpenSSH vulnerabilities CVE-2015-6563 and CVE-2015-6564
2015-09-17 00:00:00
SOL17263 - OpenSSH vulnerabilities CVE-2015-6563 and CVE-2015-6564
2015-09-16 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem models 840 and 900
2023-02-18 01:45:50
Security Bulletin: Vulnerabilities in OpenSSH affect SAN Volume Controller and Storwize Family (CVE-2015-6563 CVE-2015-6564)
2023-03-29 01:48:02
Security Bulletin: Openssh vulnerabilities affect IBM SmartClound Entry (CVE-2015-5352 CVE-2015-6563 CVE-2015-6564)
2020-07-19 00:49:12
nessus
nessus
F5 Networks BIG-IP : OpenSSH vulnerabilities (K17263)
2016-06-02 00:00:00
AIX OpenSSH Advisory : openssh_advisory6.asc
2015-10-29 00:00:00
Amazon Linux AMI : openssh (ALAS-2015-592)
2015-09-03 00:00:00
amazon
amazon
Medium: openssh
2015-09-02 12:00:00
Medium: openssh
2015-12-14 10:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-592)
2015-09-08 00:00:00
RedHat Update for openssh RHSA-2015:2088-06
2015-11-20 00:00:00
OpenSSH Multiple Vulnerabilities
2015-09-15 00:00:00
aix
aix
AIX OpenSSH Vulnerability
2015-10-21 09:17:40
AIX OpenSSH Vulnerability
2016-01-29 16:13:16
redhat
redhat
(RHSA-2015:2088) Moderate: openssh security, bug fix, and enhancement update
2015-11-19 14:41:38
(RHSA-2016:0741) Moderate: openssh security, bug fix, and enhancement update
2016-05-10 06:42:16
altlinux
altlinux
Security fix for the ALT Linux 7 package openssh version 6.7p1-alt1.M70P.4
2016-11-08 00:00:00
Security fix for the ALT Linux 6 package openssh version 6.7p1-alt1.M60P.4
2016-11-08 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: openssh-6.6.1p1-16.fc21
2015-08-27 23:52:00
freebsd
freebsd
OpenSSH -- PAM vulnerabilities
2015-08-11 00:00:00
centos
centos
openssh, pam_ssh_agent_auth security update
2015-11-30 19:46:33
openssh, pam_ssh_agent_auth security update
2016-05-16 10:19:28
oraclelinux
oraclelinux
openssh security, bug fix, and enhancement update
2015-11-23 00:00:00
openssh security, bug fix, and enhancement update
2016-05-12 00:00:00
suse
suse
Security update for openssh (important)
2015-09-21 09:10:02
debiancve
debiancve
CVE-2015-6563
2015-08-24 01:59:00
CVE-2015-6564
2015-08-24 01:59:01
veracode
veracode
Privilege Escalation
2019-05-02 05:29:33
Privilege Escalation
2019-05-02 05:29:33
cve
cve
CVE-2015-6563
2015-08-24 01:59:00
CVE-2015-6564
2015-08-24 01:59:01
prion
prion
Design/Logic Flaw
2015-08-24 01:59:00
Design/Logic Flaw
2015-08-24 01:59:00
gentoo
gentoo
OpenSSH: Multiple vulnerabilities
2015-12-20 00:00:00
cvelist
cvelist
CVE-2015-6564
2015-08-24 00:00:00
CVE-2015-6563
2015-08-24 00:00:00
nvd
nvd
CVE-2015-6564
2015-08-24 01:59:01
CVE-2015-6563
2015-08-24 01:59:00
ubuntucve
ubuntucve
CVE-2015-6564
2015-08-24 00:00:00
CVE-2015-6563
2015-08-24 00:00:00
symantec
symantec
SA104 : OpenSSH Vulnerabilities
2015-12-08 08:00:00
debian
debian
[SECURITY] [DLA 1500-1] openssh security update
2018-09-10 08:44:17
osv
osv
openssh - security update
2018-09-10 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1938
2021-07-02 17:38:20
ics
ics
Siemens SCALANCE X-200RNA Switch Devices
2022-12-19 12:00:00
securityvulns
securityvulns
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007
2015-10-25 00:00:00
Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities
2015-10-25 00:00:00

EPSS

0

Percentile

10.1%

JSON
Related for 743DC93C2E4EF47CECE36F8B7C060480B640A7FAA0F558539F5D22DEB5ACF3B7
f52ibm12nessus28amazon2openvas14aix2redhat2altlinux2fedora1freebsd1centos2oraclelinux2suse1debiancve2veracode2cve2prion2gentoo1cvelist2nvd2ubuntucve2symantec1debian1osv1rosalinux1ics1securityvulns2