Security Bulletin: libuser vulnerabilities affect IBM Storwize V7000 Unified (CVE-2015-3245 and CVE-2015-3246)

Summary

Fixes for security vulnerabilities in libuser are available with IBM Storwize V7000 Unified version 1.5.2.2

Vulnerability Details

CVEID: CVE-2015-3245

DESCRIPTION: libuser is vulnerable to a denial of service, caused by the failure to properly filter out newline characters by the chfn() function within the userhelper utility. A local authenticated attacker could exploit this vulnerability to inject newline characters into the /etc/passwd file and cause a denial of service.

CVSS Base Score: 4.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105022&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/PR:L/UI:N/S:U/CI:N/I:N/A:H)

CVEID: CVE-2015-3246

DESCRIPTION: libuser could allow a local authenticated attacker to gain elevated privileges on the system, caused by the improper handling of the /etc/passwd file. An attacker could exploit this vulnerability to gain root privileges on the system.

CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105023&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/PR:L/UI:N/S:U/CI:H/I:H/A:H)

Affected Products and Versions

IBM Storwize V7000 Unified
The product is affected when running a code releases 1.5.0.0 to 1.5.2.1

Remediation/Fixes

A fix for these issues is in version 1.5.2.2 of IBM Storwize V7000 Unified. Customers running an affected version of V7000 Unified should upgrade to 1.5.2.2 or a later version, so that the fix gets applied.

Latest Storwize V7000 Unified Software

Workarounds and Mitigations

Workaround(s): None

Mitigation(s): Ensure that all users who have access to the system are authenticated by another security system such as a firewall.