Security Bulletin: Multiple OpenSource Expat XML Vulnerabilities affect IBM DB2 Net Search Extender for Linux, Unix and Windows

Summary

There are multiple vulnerabilities in open source expat XML parser that is used in DB2 Net Search Extender.

Vulnerability Details

CVEID: CVE-2012-0876
DESCRIPTION: Expat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending multiple specially-crafted HTTP POST requests to an affected application containing conflicting hash key values, a remote attacker could exploit this vulnerability to cause the consumption of CPU resources.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73868&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2012-1147 DESCRIPTION: Expat is vulnerable to a denial of service, caused by a resource leak in readfilemap.c when handling XML data. A remote attacker could exploit this vulnerability to cause the application using the vulnerable XML parsing library to crash.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73866&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2012-1148 DESCRIPTION: Expat is vulnerable to a denial of service, caused by a memory leak in poolGrow when handling XML data. A remote attacker could exploit this vulnerability to cause the application using the vulnerable XML parsing library to crash.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73867&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-1283 DESCRIPTION: Expat, as used in Google Chrome, is vulnerable to a heap-based buffer overflow, caused by multiple integer overflows in the XML_GetBuffer function. By persuading a victim to open a specially carfetd XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/104964&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-2716 DESCRIPTION: Expat, as used in Mozilla Firefox and Thunderbird, is vulnerable to a buffer overflow, caused by improper bounds checking by the XML parser. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103214&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2016-4472 DESCRIPTION: Expat XML parser is vulnerable to a denial of service, caused by the removal by compilers with certain optimization settings. By using a specially-crafted XML data, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114683&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-0718 DESCRIPTION: Expat is vulnerable to a buffer overflow, caused by improper bounds checking when processing malformed XML data. By using the Expat library, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113408&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID**:** CVE-2012-6702 DESCRIPTION**:** Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, could provide weaker than expected security. An attacker could exploit this vulnerability using attack vectors involving use of the srand function to defeat cryptographic protection mechanisms.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114541&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2016-5300 DESCRIPTION: Expat XML parser is vulnerable to a denial of service, caused by the failure to use sufficient entropy for hash initialization. By using a specially-crafted identifiers in an XML document, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114435&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

DB2 Net Search Extender V9.7, V10.1, V10.5 and V11.1 for all supported platforms

Remediation/Fixes

Release

| V9.7|V10.1|V10.5|V11.1
—|—|—|—|—
APAR Number| IT17226| IT17231| IT17232| IT17233 ** Linux AMD 64bit**| V9.7 LinuxAMD64| V10.1 LinuxAMD64| V10.5 LinuxAMD64| V11.1 LinuxAMD64 ** Linux 32bit**| N/A| N/A| V10.5 Linux32| N/A ** Windows 64bit | V9.7 NTX64| V10.1 NTX64| V10.5 NTX64| V11.1 NTX64 ** Windows 32bit | V9.7 NT32| V10.1 NT32| V10.5 NT32| N/A ** AIX 64bit| V9.7 AIX64| V10.1 AIX64| V10.5 AIX64| V11.1 AIX64 ** zLinux 64bit| V9.7 zLinux64| V10.1 zLinux64| V10.5 zLinux64| V11.1 zLinux64 ** Sun 64bit**| V9.7 Sun64| V10.1 Sun64| V10.5 Sun64| N/A ** HP 64bit**| V9.7 HP64| V10.1 HP64| V10.5 HP64| N/A

Workarounds and Mitigations

None