Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8FD3A16FA12CED864EBE37EA33C2C3D2F822356BE1DBB84D459FFFE8056817D5
HistoryJun 18, 2018 - 1:36 a.m.

Security Bulletin: Multiple vulnerabilities in curl affect IBM Flex System Manager (FSM)

2018-06-1801:36:39
www.ibm.com
14

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

Multiple vulnerabilities have been discovered in curl that is embedded in FSM. This bulletin addresses these issues.

Vulnerability Details

CVEID: CVE-2016-8615**
DESCRIPTION:** cURL/libcurl is vulnerable to cookie injection, caused by an error related to fgets() function. By using a malicious server that sends a very long cookie name and value, a remote attacker could exploit this vulnerability to inject a malicious cookie for arbitrary domains.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118632 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-8616**
DESCRIPTION:** cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the use of case insensitive comparisons. By using valid credentials exists for a protocol which supports connection-scoped credentials, an attacker could exploit this vulnerability to cause a connection to be reused.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118633 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-8617**
DESCRIPTION:** cURL/libcurl could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out of bounds write in the base64 encode function. By using a specially crafted username, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118636 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-8618**
DESCRIPTION:** cURL/libcurl could allow a remote attacker to execute arbitrary code on the system, caused by double-free error in the curl_maprintf() function on systems using 32 bit size_t variables. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118645 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-8621**
DESCRIPTION:** cURL/libcurl could allow a remote attacker to obtain sensitive information, caused by an out of bounds read error within the curl_getdate function. By using specially-crafted date strings, a remote attacker could exploit this vulnerability to execute arbitrary code in the context of the process and obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118639 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-8624**
DESCRIPTION:** cURL/libcurl could allow a remote attacker to bypass security restrictions, caused by the failure to parse the authority component of the URL when handling ‘#’ character. By using a specially-crafted URL with ‘#’ character, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118642 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Flex System Manager 1.3.4.0
Flex System Manager 1.3.3.0
Flex System Manager 1.3.2.1
Flex System Manager 1.3.2.0

Remediation/Fixes

IBM recommends updating the FSM and all affected remote Common Agent Services (CAS) endpoints using the instructions referenced in this table.

Product VRMF Remediation
Flex System Manager 1.3.4.0 Navigate to the Support Portal_ _and search for technote 806983864 for instructions on installing updates for FSM version 1.3.4 and Agents.
Flex System Manager 1.3.3.0 Navigate to the Support Portal_ _and search for technote 806983864 for instructions on installing updates for FSM version 1.3.3 and Agents.
Flex System Manager 1.3.2.0
1.3.2.1 Navigate to the Support Portal_ _and search for technote 806983864 for instructions on installing updates for FSM version 1.3.2 and Agents.

For all other releases IBM recommends upgrading to a fixed, supported version/release of the product.

You should verify applying this fix does not cause any compatibility issues. The fix may disable older encrypted protocols by default.

IBM recommends that you review your entire environment to identify other areas where you have enabled weak encryption and take appropriate mitigation and remediation actions.

For a complete listing of FSM security iFixes go to this technote: http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex--NULL--E

Workarounds and Mitigations

None

CPENameOperatorVersion
flex system manager nodeeqany

Related

ibm 8
osv 10
nessus 27
archlinux 6
openvas 19
debian 2
fedora 2
oraclelinux 6
amazon 1
suse 6
slackware 1
freebsd 1
altlinux 1
cloudfoundry 1
ubuntu 1
mageia 1
debiancve 7
gentoo 1
f5 6
veracode 6
ubuntucve 7
alpinelinux 6
redhatcve 7
prion 7
cve 7
hackerone 1
rosalinux 1
github 1
ics 1
redhat 2
myhack58 1
apple 2
photon 2
oracle 2
ibm
ibm
Security Bulletin: Vulnerabilities in cURL affect IBM Flex System Chassis Management Module (CMM)
2019-01-31 02:25:02
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in curl
2019-01-31 02:25:02
Security Bulletin: Multiple vulnerabilities in cURL affect IBM Workload Scheduler
2018-06-17 15:46:47
osv
osv
curl - security update
2016-11-17 00:00:00
curl - security update
2016-11-03 00:00:00
CVE-2016-8615
2018-08-01 06:29:00
nessus
nessus
OracleVM 3.4 : curl (OVMSA-2020-0035)
2020-09-02 00:00:00
Debian DLA-711-1 : curl security update
2016-11-18 00:00:00
Oracle Linux 6 / 7 : curl (ELSA-2019-4652)
2019-05-24 00:00:00
archlinux
archlinux
[ASA-201611-4] lib32-curl: multiple issues
2016-11-02 00:00:00
[ASA-201611-10] lib32-libcurl-gnutls: multiple issues
2016-11-03 00:00:00
[ASA-201611-5] lib32-libcurl-compat: multiple issues
2016-11-02 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-711-1)
2023-03-08 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2017-1036)
2020-01-23 00:00:00
Debian Security Advisory DSA 3705-1 (curl - security update)
2016-11-03 00:00:00
debian
debian
[SECURITY] [DLA 711-1] curl security update
2016-11-17 21:45:07
[SECURITY] [DSA 3705-1] curl security update
2016-11-03 23:07:00
fedora
fedora
[SECURITY] Fedora 24 Update: curl-7.47.1-9.fc24
2016-11-06 00:28:22
[SECURITY] Fedora 25 Update: curl-7.51.0-1.fc25
2016-11-19 21:51:02
oraclelinux
oraclelinux
curl security update
2020-10-06 00:00:00
curl security and bug fix update
2019-07-30 00:00:00
curl security and bug fix update
2019-08-13 00:00:00
amazon
amazon
Medium: curl
2016-11-10 18:00:00
suse
suse
Security update for curl (important)
2016-11-02 16:07:53
Security update for curl (important)
2016-11-10 17:06:47
Security update for curl (important)
2016-11-03 15:08:42
slackware
slackware
[slackware-security] curl
2016-11-04 03:34:42
freebsd
freebsd
cURL -- multiple vulnerabilities
2016-11-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.51.0-alt1
2016-11-02 00:00:00
cloudfoundry
cloudfoundry
USN-3123-1: curl vulnerabilities | Cloud Foundry
2016-12-13 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2016-11-03 00:00:00
mageia
mageia
Updated curl packages fix security vulnerability
2018-01-03 19:40:26
debiancve
debiancve
CVE-2016-8621
2018-07-31 22:29:00
CVE-2016-8615
2018-08-01 06:29:00
CVE-2016-8616
2018-08-01 06:29:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2017-01-19 00:00:00
f5
f5
K26899353 : libcurl vulnerability CVE-2016-8621
2017-04-19 00:00:00
K01006862 : cURL and libcurl vulnerability CVE-2016-8615
2017-04-12 00:00:00
K10196624 : libcurl vulnerability CVE-2016-8618
2017-04-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2018-07-18 10:26:30
Remote Security Bypass
2018-08-02 06:56:35
Cookie Injection
2018-08-17 07:05:06
ubuntucve
ubuntucve
CVE-2016-8621
2016-11-02 00:00:00
CVE-2016-8615
2016-11-02 00:00:00
CVE-2016-8618
2016-11-02 00:00:00
alpinelinux
alpinelinux
CVE-2016-8621
2018-07-31 22:29:00
CVE-2016-8615
2018-08-01 06:29:00
CVE-2016-8624
2018-07-31 21:29:00
redhatcve
redhatcve
CVE-2016-8615
2016-11-02 08:17:22
CVE-2016-8621
2016-11-02 08:47:51
CVE-2016-8618
2016-11-02 08:47:22
prion
prion
Out-of-bounds
2018-07-31 22:29:00
Double free
2018-07-31 21:29:00
Design/Logic Flaw
2018-08-01 06:29:00
cve
cve
CVE-2016-8621
2018-07-31 22:29:00
CVE-2016-8616
2018-08-01 06:29:00
CVE-2016-8615
2018-08-01 06:29:00
hackerone
hackerone
Internet Bug Bounty: cURL / libcURL - CVE-2016-8624 invalid URL parsing with '#'
2016-11-05 21:31:51
rosalinux
rosalinux
Advisory ROSA-SA-2021-1818
2021-07-02 16:36:57
github
github
Improper Input Validation in async-http-client
2018-10-19 16:50:50
ics
ics
Hitachi Energy MSM Product
2022-08-30 12:00:00
redhat
redhat
(RHSA-2018:2486) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
2018-08-16 16:05:21
(RHSA-2018:3558) Moderate: httpd24 security, bug fix, and enhancement update
2018-11-13 08:00:33
myhack58
myhack58
Note, the cURL of the vulnerability nor less-vulnerability warning-the black bar safety net
2016-12-06 00:00:00
apple
apple
About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite
2016-12-13 00:00:00
About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite - Apple Support
2020-07-27 08:14:17
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0420
2023-07-05 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0603
2023-06-26 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
Oracle Critical Patch Update Advisory - April 2017
2017-04-18 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for 8FD3A16FA12CED864EBE37EA33C2C3D2F822356BE1DBB84D459FFFE8056817D5
ibm8osv10nessus27archlinux6openvas19debian2fedora2oraclelinux6amazon1suse6slackware1freebsd1altlinux1cloudfoundry1ubuntu1mageia1debiancve7gentoo1f56veracode6ubuntucve7alpinelinux6redhatcve7prion7cve7hackerone1rosalinux1github1ics1redhat2myhack581apple2photon2oracle2