Security Bulletin: Multiple vulnerabilities in expat, nss,  bind ,  policycoreutils, sudo shipped with  SmartCloud Entry Appliance

Summary

Multiple vulnerabilities have been idintified in Expat, nss, ISC BIND , policycoreutils and sudo libraries shipped with SmartCloud Entry Appliance. SmartCloud Entry Appliance has addressed the vulnerabilities.

Vulnerability Details

CVEID: CVE-2016-0718**
DESCRIPTION:** Expat is vulnerable to a buffer overflow, caused by improper bounds checking when processing malformed XML data. By using the Expat library, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113408 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-2834**
DESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113870 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-5285**
DESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, is vulnerable to a denial of service, caused by a NULL pointer dereference in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime when handling invalid Diffie-Hellman keys. A remote attacker could exploit this vulnerability to crash a TLS/SSL server.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119189 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-8635**
DESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive information, caused by a small subgroup confinement attack in Diffie Hellman Client key exchange handling. By confining the client DH key to small subgroup of the desired group, a remote attacker could exploit this vulnerability to recover private keys.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119190 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-7545**
DESCRIPTION:** Policycoreutils could allow a remote attacker to execute arbitrary commands on the system, caused by a TIOCSTI ioctl attack in the provided sandbox tool. By persuading a victim to run a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119020 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)

CVEID: CVE-2016-8864**
DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing a DNAME answer in db.c or resolver.c. By sending a recursive response, a remote attacker could exploit this vulnerability to trigger an assertion failure.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118526 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-7032**
DESCRIPTION:** Sudo could allow a local authenticated attacker to execute arbitrary commands on the system, caused by the bypass of the sudo noexec restriction. By running an application via sudo executed system() or popen() C library functions with a user supplied argument, an attacker could exploit this vulnerability to execute arbitrary commands with elevated privileges.
CVSS Base Score: 6.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119500 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-7076**
DESCRIPTION:** Sudo could allow a local authenticated attacker to execute arbitrary commands on the system, caused by the bypass of the sudo noexec restriction. By running an application via sudo executed wordexp() C library function with a user supplied argument, an attacker could exploit this vulnerability to execute arbitrary commands with elevated privileges.
CVSS Base Score: 6.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119502 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM SmartCloud Entry Appliance 2.2
IBM SmartCloud Entry Appliance 2.3.0 through 2.3.0 fix pack 8,
IBM SmartCloud Entry Appliance 2.4.0 through 2.4.0 fix pack 8,
IBM SmartCloud Entry Appliance 3.1.0 through 3.1.0 fix pack 23,
IBM SmartCloud Entry Appliance 3.2.0 through 3.2.0 fix pack 23

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
SmartCloud Entry| 2.3| IBM SmartCloud Entry 2.3.0 Appliance Fixpack 9:
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.3.0.4-IBM-SCE_APPL-FP009&source=SAR
SmartCloud Entry| 2.4| IBM SmartCloud Entry 2.4.0 Appliance Fixpack 9:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.4.0.4-IBM-SCE_APPL-FP009&source=SAR&function=fixId&parent=ibm/Other%20software
SmartCloud Entry| 3.1| IBM SmartCloud Entry 3.1.0 Appliance Fixpack 24:
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.1.0.4-IBM-SCE_APPL-FP24&source=SAR
SmartCloud Entry| 3.2| IBM SmartCloud Entry 3.2.0 Appliance Fixpack 24:
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.2.0.4-IBM-SCE_APPL-FP24&source=SAR&function=fixId&parent=ibm/Other%20software

For IBM SmartCloud Entry Appliance 2.2, IBM recommends upgrading to a fixed, supported release of the product.

Workarounds and Mitigations

None