Security Bulletin: IBM Security Access Manager Appliance is affected by OpenSSH vulnerabilities

Summary

IBM Security Access Manager Appliance has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2016-10011**
DESCRIPTION:** OpenSSH could allow a local authenticated attacker to obtain sensitive information, caused by a privilege separation flaw. An attacker could exploit this vulnerability to obtain host private key material and other sensitive information.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119830 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-10009**
DESCRIPTION:** OpenSSH could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the loading of a specially crafted PKCS#11 module across a forwarded agent channel. An attacker could exploit this vulnerability to write files or execute arbitrary code on the system.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119828 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-6515**
DESCRIPTION:** OpenSSH is vulnerable to a denial of service, caused by the failure to limit password lengths for password authentication by the auth_password function. A remote attacker could exploit this vulnerability using an overly long string to consume all available CPU resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115911 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-6210**
DESCRIPTION:** OpenSSH could allow a remote attacker to obtain sensitive information, caused by the increased amount of time to calculate SHA256/SHA512 hash than BLOWFISH hash. An attacker could exploit this vulnerability using a covert timing channel to enumerate users on system that runs SSHD.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115128 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected IBM Security Access Manager Appliance

|

Affected Versions

—|—
IBM Security Access Manager for Web (appliance)| 7.0 - 7.0.0.31
IBM Security Access Manager for Web| 8.0 - 8.0.1.7
IBM Security Access Manager for Mobile| 8.0 - 8.0.1.7
IBM Security Access Manager| 9.0 - 9.0.3.1

Remediation/Fixes

Product

| VRMF|APAR|Remediation
—|—|—|—
IBM Security Access Manager for Web (appliance)| 7.0 - 7.0.0.31| IJ03401| Apply Interim Fix 34:
7.0.0-ISS-WGA-IF0034
IBM Security Access Manager for Web (appliance)| 8.0 - 8.0.1.7| IJ03386| 1. For versions prior to 8.0.1.7, upgrade to 8.0.1.7:
8.0.1-ISS-WGA-FP0007
2. Apply 8.0.1.7 IF 1:
8.0.1.7-ISS-WGA-IF0001
IBM Security Access Manager for Mobile (appliance)| 8.0 - 8.0.1.7| IJ03399| 1. For versions prior to 8.0.1.7, upgrade to 8.0.1.7:
8.0.1-ISS-ISAM-FP0007
2. Apply 8.0.1.7 IF 1:
8.0.1.7-ISS-ISAM-IF0001
IBM Security Access Manager (appliance)| 9.0 - 9.0.3.1| IJ03386| Upgrade to 9.0.4.0:
9.0.4-ISS-ISAM-FP0000

Workarounds and Mitigations

None