logo
DATABASE RESOURCES PRICING ABOUT US

Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private

Description

## Summary IBM Cloud Private is vulnerable to multiple security vulnerabilities ## Vulnerability Details **CVEID:** [CVE-2018-5146](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146>) **DESCRIPTION:** libvorbis, as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory write. By persuading a victim to open a specially-crafted media file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the browser to crash. CVSS Base Score: 8.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140404> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-15422](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15422>) **DESCRIPTION:** Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in ICU. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. CVSS Base Score: 6.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136054> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) **CVEID:** [CVE-2017-15412](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412>) **DESCRIPTION:** Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in libXML. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. CVSS Base Score: 6.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136046> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) **CVEID:** [CVE-2017-7526](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526>) **DESCRIPTION:** Libgcrypt could allow a remote attacker to obtain sensitive information, caused by a cache side-channel attack when using left-to-right sliding window method by the RSA-1024 implementation. By running arbitrary software where the private key is used, an attacker could exploit this vulnerability to obtain the RSA private key. CVSS Base Score: 6.1 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/128271> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N) **CVEID:** [CVE-2018-1000122](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122>) **DESCRIPTION:** curl could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the RTSP+RTP handling code. An attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. CVSS Base Score: 6.5 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140316> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) **CVEID:** [CVE-2018-0739](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>) **DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) **CVEID:** [CVE-2018-0733](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0733>) **DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by the failure to properly compare byte values by the PA-RISC CRYPTO_memcmp() function used on HP-UX PA-RISC targets. An attacker could exploit this vulnerability to forge messages, some of which may be authenticated. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140849> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) **CVEID:** [CVE-2017-17512](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17512>) **DESCRIPTION:** sensible-utils package for Debian could allow a remote attacker to execute arbitrary commands on the system, caused by the failure to validate strings before launching the program specified by the BROWSER environment variable in sensible-browser. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136182> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-17426](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17426>) **DESCRIPTION:** GNU C Library (aka glibc or libc6) is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the per-thread cache (aka tcache) feature. By allocating an object whose size is close to SIZE_MAX, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135985> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-16612](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16612>) **DESCRIPTION:** X.Org libXcursor is vulnerable to a heap-based buffer overflow, caused by various integer overflows. By sending specially-crafted cursors with programs like GIMP, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135813> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) **CVEID:** [CVE-2017-16546](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16546>) **DESCRIPTION:** ImageMagick is vulnerable to a denial of service, caused by improper validation of the colormap index in a WPG palette in the ReadWPGImage function in coders/wpg.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 5.5 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134498> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) **CVEID:** [CVE-2017-1000117](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000117>) **DESCRIPTION:** Git could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper handling of the "ssh" URLs. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. CVSS Base Score: 8.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130244> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-1000116](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116>) **DESCRIPTION:** Mercurial could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of hostnames passed to ssh. By sending a specially-crafted request, an attacker could exploit this vulnerability to inject and execute arbitrary commands on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133105> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-0379](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379>) **DESCRIPTION:** Libgcrypt could allow a local attacker to obtain sensitive information, caused by a flaw in the cipher/ecc.c and mpi/ec.c. By using Curve25519 side-channel attacks, an attacker could exploit this vulnerability to discover a secret key. CVSS Base Score: 2.9 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131281> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) **CVEID:** [CVE-2017-15908](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15908>) **DESCRIPTION:** systemd is vulnerable to a denial of service, caused by an error in the dns_packet_read_type_window function. By sending a specially-crafted DNS NSEC resource record data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. CVSS Base Score: 7.5 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134141> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) **CVEID:** [CVE-2016-2774](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2774>) **DESCRIPTION:** ISC DHCP is vulnerable to a denial of service, caused by the failure to limit the number of open TCP connections to the ports for inter-process communications and control. By opening a large number of TCP connections, a remote attacker from within the local network could exploit this vulnerability to become unresponsive or consume all available sockets. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111319> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) **CVEID:** [CVE-2017-16544](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544>) **DESCRIPTION:** BusyBox could allow a remote attacker to execute arbitrary code on the system, caused by the improper sanitization of filename in the add_match function in libbb/lineedit.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135207> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-15650](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15650>) **DESCRIPTION:** musl libc is vulnerable to a stack-based buffer overflow, caused by the failure to restrict the number of addresses in the dns_parse_callback function in network/lookup_name.c. By sending specially-crafted DNS replies, a remote attacker could exploit this vulnerability to provide an unexpected number of addresses. CVSS Base Score: 7.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133862> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) **CVEID:** [CVE-2017-12883](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883>) **DESCRIPTION:** PERL is vulnerable to a denial of service, caused by a buffer overflow in the regular expression parser. By using vectors involving the use of RExC_parse in the vFAIL macro, a remote attacker could exploit this vulnerability to cause the application to crash or leak data from memory. CVSS Base Score: 9.1 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132298> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) **CVEID:** [CVE-2017-10285](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10285>) **DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded RMI component could allow an unauthenticated attacker to take control of the system. CVSS Base Score: 9.6 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133723> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) **CVEID:** [CVE-2017-9800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9800>) **DESCRIPTION:** Apache Subversion could allow a remote attacker to execute arbitrary commands on the system, caused by the connection to URLs provided by the repository. By committing to a honest server, an attacker could exploit this vulnerability using a specially crafted svn+ssh:// URL to execute arbitrary shell commands on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130360> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-14867](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14867>) **DESCRIPTION:** Git could allow a remote attacker to execute arbitrary commands on the system, caused by the use of unsafe Perl scripts to support subcommands. By using specially-crafted shell metacharacters in a module name, an attacker could exploit this vulnerability to execute arbitrary commands on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132826> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-5563](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5563>) **DESCRIPTION:** LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tif_lzw.c. By persuading a victim to open a specially-crafted bmp image file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. CVSS Base Score: 8.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121605> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-8816](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816>) **DESCRIPTION:** cURL libcurl is vulnerable to a buffer overflow, caused by an integer overflow flaw in the NTLM authentication feature. By using vectors involving long user and password fields, a remote attacker could overflow a buffer and execute arbitrary code and cause the application to crash. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135657> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-6891](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6891>) **DESCRIPTION:** GnuTLS libtasn1 is vulnerable to a stack-based buffer overflow, caused by 2 errors in the asn1_find_node function in lib/parser_aux.c. By persuading a victim to open a specially-crafted assignments file, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base Score: 5.3 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127214> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) **CVEID:** [CVE-2017-14176](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14176>) **DESCRIPTION:** Bazaar could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw when Subprocess SSH is used. By sending a bzr+ssh URL with an initial dash character in the hostname, an attacker could exploit this vulnerability to execute arbitrary commands on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135732> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) **CVEID:** [CVE-2017-13089](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13089>) **DESCRIPTION:** GNU wget is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the skip_short_body() function in src/http.c. By sending a specially-crafted HTTP data, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134200> for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ## Affected Products and Versions IBM Cloud Private 2.1.0 ## Remediation/Fixes For the 2.1.0.x releases: upgrade to version 2.1.0.3 Fix Pack 1 or later * [IBM Cloud Private 2.1.0.3 Fix Pack 1](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-2.1.0.3-build497276&includeSupersedes=0>) ## Workarounds and Mitigations None ## Get Notified about Future Security Bulletins Subscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this. ### References [Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> "Link resides outside of ibm.com" ) [On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> "Link resides outside of ibm.com" ) Off ## Related Information [IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) [IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>) ## Change History 20 July 2018 - original document published *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. ## Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions. ## Internal Use Only PR:118490 | A:12622 | IBM Cloud private | IBM Cloud Private Package Vulnerabilities from Vulnerability Advisor Scan [323813] [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSBS6K","label":"IBM Cloud Private"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"2.1.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]


Affected Software


CPE Name Name Version
IBM Cloud Private 2.1.0

Related