Jul 18, 2020 - 11:17 p.m.

Security Bulletin: A Zookeeper Remote DoS vulnerability affects IBM BigInsights (CVE-2017-1213)

2020-07-18 23:17:55
www.ibm.com

Summary

A security vulnerability has been identified in Open Source Zookeeper that affects IBM BigInsights (IBM Open Platform with Apache Hadoop).

Vulnerability Details

CVEID: CVE-2017-1213
DESCRIPTION: IBM BigInsights Zookeeper, when accessed behind a firewall where Jetty AdminServer is not available, could allow an authenticated user to cause a denial of service.
CVSS Base Score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/123853 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Principal Product and Version(s) | Affected Supporting Product and Version
---|---
IBM BigInsights 4.1, 4.2, 4.2.5 | IBM Open Platform 4.1, 4.2, 4.2.5

Remediation/Fixes

Follow the instructions for applying a service patch on an IOP cluster:

<https://developer.ibm.com/hadoop/2015/12/17/iop-patch-management/>

The specific patches for each Red Hat version and IOP level are below:

IOP patches for RHEL 6:
IOP 4.1 <https://ibm-open-platform.ibm.com/repos/IOP/rhel/6/x86_64/4.1.x/Updates/4.1.0.0_20170915/>
IOP 4.2 <https://ibm-open-platform.ibm.com/repos/IOP/rhel/6/x86_64/4.2.x/Updates/4.2.0.0_20170915/>
IOP 4.2.5 <https://ibm-open-platform.ibm.com/repos/IOP/rhel/6/x86_64/4.2.x/Updates/4.2.5.0_20170918/>

IOP patches for RHEL 7:
IOP 4.1 <http://ibm-open-platform.ibm.com/repos/IOP/rhel/7/x86_64/4.1.x/Updates/4.1.0.0_20170926/>
IOP 4.2 <http://ibm-open-platform.ibm.com/repos/IOP/rhel/7/x86_64/4.2.x/Updates/4.2.0.0_20170926/>
IOP 4.2.5 <http://ibm-open-platform.ibm.com/repos/IOP/rhel/7/x86_64/4.2.x/Updates/4.2.5.0_20170926/>
