Security Bulletin: IBM QRadar Network Security is affected by Vulnerability in busybox (CVE-2021-28831)

Summary

IBM QRadar Network Security has addressed vulnerability in BusyBox. The issue could lead to denial of service.

Vulnerability Details

CVEID:CVE-2021-28831
**DESCRIPTION:**BusyBox is vulnerable to a denial of service, caused by the mishandling of the error bit on the huft_build result pointer in decompress_gunzip.c. By persuading a victim to open a specially-crafted gzip data, a remote attacker could exploit this vulnerability to cause an invalid free or segmentation fault, and results in a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198461 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM QRadar Network Security 5.4.0

IBM QRadar Network Security 5.5.0

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Product

|

VRMF

|

Remediation/First Fix

—|—|—

IBM QRadar Network Security

|

5.4.0

|

Install Firmware 5.4.0.16 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.
Or
Download Firmware 5.4.0.16 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface.

IBM QRadar Network Security

|

5.5.0

|

Install Firmware 5.5.0.11 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.
Or
Download Firmware 5.5.0.11 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface.

Workarounds and Mitigations

None