7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
Multiple vulnerabilities in Bind, glibc, net-snmp, spice affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-5722, CVE-2015-5621, CVE-2014-3565, CVE-2014-8121, CVE-2015-3247).
CVEID: CVE-2015-5722**
DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by the exit of a validating resolver due to an assertion failure in buffer.c…By parsing a malformed DNSSEC key, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106089 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2015-3247**
DESCRIPTION:** Red Hat spice is vulnerable to a heap-based buffer overflow, caused by improper bounds checking within worker_update_monitors_config() in spice-server. A remote attacker could overflow a buffer to crash the host QEMU-KVM process.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106182 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H)
CVEID: CVE-2014-8121**
DESCRIPTION:** GNU C Library (glibc) is vulnerable to a denial of service, caused by the failure to properly check if a file is open by DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS). By performing a look-up on a database while iterating over it, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102652 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2015-5621 DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105232> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2014-3565 DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by the improper handling of SNMP traps when started with the “-OQ” option. By sending an SNMP trap message containing a variable with a NULL type, a remote attacker could exploit this vulnerability to cause snmptrapd to crash.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95638> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
** IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance**
If you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact IBM support.
None