Lucene search

IBMAAE114D8A69F05129364012AF2CEE0C8AA75AB4896ED4BE9D58C0D445ED7C50E

HistoryJun 18, 2018 - 12:07 a.m.

Security Bulletin: Mozilla firefox vulnerability issues on IBM SONAS (CVE-2013-5609, CVE-2013-5610, CVE-2013-5611, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6671, CVE-2013-6672, CVE

2018-06-1800:07:56

www.ibm.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Summary

SONAS is shipped with Mozilla firefox, for which fixes are available for security vulnerabilities.

Vulnerability Details

CVEID:
CVE-2013-5609
CVE-2013-5610
CVE-2013-5611
CVE-2013-5612
CVE-2013-5613
CVE-2013-5614
CVE-2013-5615
CVE-2013-5616
CVE-2013-5618
CVE-2013-5619
CVE-2013-6671
CVE-2013-6672
CVE-2013-6673

DESCRIPTION:

SONAS is shipped with Mozilla firefox. Fixes are available for the security vulnerabilities found with Mozilla firefox. None of these vulnerabilities are exploitable during usual operations of SONAS system. Nevertheless, since using firefox to access the Internet would implicate these vulnerabilities, we recommend applying the fixes available.

CVE-2013-5609
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89538 for the current score

CVE-2013-5610
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89539 for the current score

CVE-2013-5611
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89540 for the current score

CVE-2013-5612
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89592 for the current score

CVE-2013-5613
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89600 for the current score

CVE-2013-5614
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89593 for the current score

CVE-2013-5615
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89601 for the current score

CVE-2013-5616
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89594 for the current score

CVE-2013-5618
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89595 for the current score

CVE-2013-5619
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89596 for the current score

CVE-2013-6671
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89597 for the current score

CVE-2013-6672
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89598 for the current score

CVE-2013-6673
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89599 for the current score

Affected Products and Versions

IBM SONAS
The product is affected when running code releases 1.3.2.0 to 1.4.2.1.

Remediation/Fixes

Fixes for these issues are in version 1.4.3.0 of SONAS. Customers running an earlier version of SONAS (e.g. SONAS 1.3.2.1, 1.4.0.0, 1.4.2.1) should upgrade to SONAS 1.4.3.0 or a later version, so that the fix gets applied.

Workarounds and Mitigations

Work-around(s): Use of Mozilla firefox for accessing web sites from SONAS system should be avoided. Mitigation(s): None of these vulnerabilities are exploitable during usual operations of SONAS system. Service personnel should not use Mozilla firefox from SONAS nodes to access the Internet.

CPENameOperatorVersion
network attached storage (nas)->scale out network attached storageeq1.3
network attached storage (nas)->scale out network attached storageeq1.4