IBMDC20BBE5482A40A0BDAE82857A6E8472BDCBE4575896AE7B72100F6E785E7BF6Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in OpenSSH (CVE-2015-5352, CVE-2015-6563, CVE-2015-6564)
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
Summary
Vulnerabilities have been identified in OpenSSH. IBM Security Access Manager appliances use OpenSSH and are affected by these vulnerabilities.
Vulnerability Details
CVEID: CVE-2015-5352**
DESCRIPTION:** OpenSSH could allow a remote authenticated attacker to bypass security restrictions, caused by an error when making connections after ForwardX11Timeout expired. If X11 connections are forwarded with ForwardX11Trusted=no, an attacker could exploit this vulnerability to bypass XSECURITY restrictions.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104418 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2015-6563**
DESCRIPTION:** OpenSSH could allow a local attacker to bypass security restrictions, caused by the acceptance of extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests by the monitor component in sshd. An attacker could exploit this vulnerability to conduct impersonation attacks.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105881 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2015-6564**
DESCRIPTION:** OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the mm_answer_pam_free_ctx function. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105882 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
IBM Security Access Manager for Web 7.0 appliances
IBM Security Access Manager for Web 8.0, all firmware versions
IBM Security Access Manager for Mobile 8.0, all firmware versions
IBM Security Access Manager 9.0, all firmware versions
Remediation/Fixes
The table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch.
| Product | VRMF | APAR | Remediation |
|---|---|---|---|
| IBM Security Access Manager for Web | 7.0 (appliance) | IV90714 | Apply Interim Fix 28: |
| 7.0.0-ISS-WGA-IF0028 | |||
| IBM Security Access Manager for Web | 8.0.0.0 - | ||
| 8.0.1.4 | IV90643 | Upgrade to 8.0.1.5: | |
| 8.0.1-ISS-WGA-FP0005 | |||
| IBM Security Access Manager for Mobile | 8.0.0.0 - | ||
| 8.0.1.4 | IV90697 | Upgrade to 8.0.1.5: | |
| 8.0.1-ISS-ISAM-FP0005 | |||
| IBM Security Access Manager | 9.0 - | ||
| 9.0.1.0 | IV90477 | Upgrade to 9.0.2.0: | |
| IBM Security Access Manager V9.0.2 Multiplatform, Multilingual (CRW4EML) |
Workarounds and Mitigations
None.
Related
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C