Jun 18, 2018 - 1:33 a.m.

Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php vulnerabilities

www.ibm.com

EPSS: 0.242 (percentile: 96.6%)

Summary

Multiple security vulnerabilities have been discovered in PHP, which is embedded in IBM FSM. This bulletin addresses these vulnerabilities.

Vulnerability Details

CVEID: CVE-2015-8835
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly retrieve keys by the make_http_soap_request function. A remote attacker could exploit this vulnerability using specially crafted serialized data to execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114527 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-8866
DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by the failure to isolate each thread from libxml_disable_entity_loader changes in other threads by ext/libxml/libxml.c. An attacker could exploit this vulnerability using a specially crafted XML document to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks.
CVSS Base Score: 9.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113954 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2016-3141
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in WDDX Deserialize when processing XML data. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111456 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2014-9767
DESCRIPTION: PHP could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to ZipArchive::extractTo containing directory traversal sequences to view arbitrary files on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111541 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-3185
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in make_http_soap_request(). By sending a specially crafted SOAP request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111539 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-4070
DESCRIPTION: PHP is vulnerable to a denial of service, caused by an integer overflow in the php_raw_url_encode function. A remote attacker could exploit this vulnerability using an overly long string to cause the application to crash. Note: The details of this vulnerability have been disputed by the vendor.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114120 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-4537
DESCRIPTION: PHP is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by bcpowmod. By sending a negative string, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113005 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-4538
DESCRIPTION: PHP is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by bcpowmod when handling one definition. A remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113007 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-4542
DESCRIPTION: PHP is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the exif_read_data function. By sending a specially-crafted spprintf call, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to enter into an infinite loop.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113012 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-4543
DESCRIPTION: PHP is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the exif_read_data function. By using the Illegal IFD size validation, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to enter into an infinite loop.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113013 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-4544
DESCRIPTION: PHP is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the exif_read_data function. By using the Invalid TIFF start validation, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to enter into an infinite loop.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113014 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-5094
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the php_html_entities() function. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113516 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-5095
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the php_html_entities() function. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113517 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-5096
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by an integer underflow in fread/gzread. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113518 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-5399
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the bzread() function. By sending a specially-crafted request, an attacker could exploit this vulnerability to upload a malformed PHP script to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115332 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-8935
DESCRIPTION: PHP is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the header() function with Internet Explorer. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114314 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2016-5766
DESCRIPTION: PHP is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the _gd2GetHeader() function. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114386 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-5767
DESCRIPTION: PHP is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the gdImagePaletteToTrueColor() function. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114387 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-5769
DESCRIPTION: PHP is vulnerable to a heap-based buffer overflow, caused by an integer overflow when mcrypt_generic tries to calculate data_size. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114389 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-5772
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by a double-free error in wddx_deserialize. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114392 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-6288
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by a buffer over-read in the php_url_parse_ex function. An attacker could exploit this vulnerability using vectors involving the smart_str data type to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115541 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-6289
DESCRIPTION: PHP is vulnerable to a stack-based buffer overflow, caused by an integer overflow in the virtual_file_ex function. By using a specially crafted extract operation on a ZIP archive, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115540 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-6290
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in session.c. An attacker could exploit this vulnerability using vectors related to session deserialization to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115539 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-6291
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds array access in the exif_process_IFD_in_MAKERNOTE function. By persuading a victim to open a specially crafted JPEG image, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115538 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-6296
DESCRIPTION: PHP is vulnerable to a heap-based buffer overflow, caused by an integer signedness error in the simplestring_addn function. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115533 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-6297
DESCRIPTION: PHP is vulnerable to a stack-based buffer overflow, caused by an integer overflow in the php_stream_zip_opener function. By using a specially crafted zip:// URL, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115532 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

Flex System Manager 1.3.4.x
Flex System Manager 1.3.3.x
Flex System Manager 1.3.2.x

Remediation/Fixes

IBM recommends updating the FSM using the instructions referenced in this table.

Product | VRMF | APAR | Remediation
---|---|---|---
Flex System Manager | 1.3.4.x | IT16774 | Ensure the steps in Technote 761981453 are completed, and then install fsmfix1.3.4.0_IT16772_IT16773_IT16774_IT16776
Flex System Manager | 1.3.3.x | IT16774 | Ensure the steps in Technote 736218441 are completed and then install fsmfix1.3.3.0_IT16772_IT16773_IT16774_IT16776
Flex System Manager | 1.3.2.x | IT16774 | Ensure the steps in Technote 736218441 are completed and then install fsmfix1.3.2.0_IT16772_IT16773_IT16774_IT16776

For 1.1.x.x, 1.2.x.x, 1.3.0.x and 1.3.1.x IBM recommends upgrading to a fixed, supported version/release of the product.

You should verify applying this fix does not cause any compatibility issues. The fix disables older encrypted protocols by default. If you change the default setting after applying the fix, you will expose yourself to the attack described in IT15244. IBM recommends that you review your entire environment to identify other areas where you have enabled weak encryption and take appropriate mitigation and remediation actions.

Workarounds and Mitigations

None