Lucene search

K
ibmIBM844D4377DE7D11C183AEF7BEEBFF5150237624CCAE269BEC3996C7B05598840C
HistoryOct 07, 2022 - 8:52 p.m.

Security Bulletin: Multiple Vulnerabilities in base image packages

2022-10-0720:52:32
www.ibm.com
10

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.3%

Summary

Security Vulnerabilities in base image packages affect IBM Voice Gateway.

Vulnerability Details

CVEID:CVE-2022-2526
**DESCRIPTION:**systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the on_stream_io() function and dns_stream_complete() function in “resolved-dns-stream.c” not incrementing the reference counting for the DnsStream object. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235161 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-1271
**DESCRIPTION:**GNU gzip could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of file name by the zgrep utility. By using a specially-crafted file name, an attacker could exploit this vulnerability to write arbitrary files on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223754 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Voice Gateway 1.0.7
Voice Gateway 1.0.6
Voice Gateway 1.0.2.4
Voice Gateway 1.0.4
Voice Gateway 1.0.7.1
Voice Gateway 1.0.2
Voice Gateway 1.0.8
Voice Gateway 1.0.5
Voice Gateway 1.0.3
Voice Gateway 1.0.7
Voice Gateway 1.0.6
Voice Gateway 1.0.2.4
Voice Gateway 1.0.4
Voice Gateway 1.0.7.1
Voice Gateway 1.0.2
Voice Gateway 1.0.8
Voice Gateway 1.0.5
Voice Gateway 1.0.3

Remediation/Fixes

Upgrade to the following IBM Voice Gateway 1.0.8.x images

ibmcom/voice-gateway-mr:1.0.8.3
ibmcom/voice-gateway-so:1.0.8.3

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm voice gatewayeqany

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.3%

Related for 844D4377DE7D11C183AEF7BEEBFF5150237624CCAE269BEC3996C7B05598840C