Security Bulletin: A security vulnerability with net-snmp affects IBM Flex System Manager (CVE-2015-5621)

2018-06-18 01:29:34
www.ibm.com

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Summary

A security vulnerability has been identified in net-snmp that is used by IBM Flex System Manager (FSM). This bulletin addresses this vulnerability.

Vulnerability Details

CVEID: CVE-2015-5621
DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by incompletely parsed varBind variables being left in the list of variables by the snmp_pdu_parse() function. A remote attacker could exploit this vulnerability to cause the application to crash or possibly execute arbitrary code on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105232 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
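
A simplified C model of the bug class in the description above, added here as an illustration; it is not net-snmp's or IBM's code, and the types, the toy encoding and every name in it (`pdu_parse`, `pdu_incomplete`, `link_first`) are assumptions. It contrasts linking a varbind into the list before its value is parsed with linking it only after parsing succeeds.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Simplified model for illustration; not net-snmp's types or wire format. */
struct varbind { struct varbind *next; uint8_t *val; size_t val_len; };
struct pdu { struct varbind *vars; };

/* Constructed toy encoding: each varbind is [1-byte length][value bytes]. */
static int parse_value(struct varbind *vb, const uint8_t **p, size_t *left)
{
    size_t n = *(*p)++;               /* caller guarantees *left >= 1 */
    (*left)--;
    if (n > *left) return -1;         /* truncated: value never filled in */
    if (!(vb->val = malloc(n + 1))) return -1;
    memcpy(vb->val, *p, n);
    vb->val_len = n; *p += n; *left -= n;
    return 0;
}

/* link_first != 0 models the flawed order: link the node, then parse it. */
int pdu_parse(struct pdu *pdu, const uint8_t *data, size_t len, int link_first)
{
    struct varbind **tail = &pdu->vars;   /* assumes an empty PDU */
    while (len > 0) {
        struct varbind *vb = calloc(1, sizeof *vb);
        if (!vb) return -1;
        if (link_first) *tail = vb;
        if (parse_value(vb, &data, &len) != 0) {
            if (!link_first) free(vb);    /* never linked, nothing dangles */
            return -1;                    /* flawed order leaves vb in the list */
        }
        *tail = vb;                       /* hardened order: complete nodes only */
        tail = &vb->next;
    }
    return 0;
}

/* Number of listed varbinds whose value was never parsed; should be zero. */
size_t pdu_incomplete(const struct pdu *pdu)
{
    size_t bad = 0;
    for (const struct varbind *v = pdu->vars; v; v = v->next)
        bad += (v->val == NULL);
    return bad;
}
void pdu_free(struct pdu *pdu)
{
    for (struct varbind *v; (v = pdu->vars) != NULL; free(v->val), free(v))
        pdu->vars = v->next;
}
```

Any code that walks the list after a failed parse has to tolerate whatever the parser left there, so `pdu_incomplete` returning non-zero marks the state the hardened ordering rules out.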

Affected Products and Versions

Flex System Manager 1.1.x.x

Flex System Manager 1.2.0.x

Flex System Manager 1.2.1.x

Flex System Manager 1.3.0.x

Flex System Manager 1.3.1.x

Flex System Manager 1.3.2.x

Flex System Manager 1.3.3.x

Flex System Manager 1.3.4.x

Remediation/Fixes

Product| VRMF| APAR| Remediation
---|---|---|---
Flex System Manager| 1.3.4.x| IT11633| fsmfix1.3.4.0_IT11633_IT11634_IT11652
Flex System Manager| 1.3.3.x| IT11633| fsmfix1.3.3.0_IT11633___IT11634_IT11652
Flex System Manager| 1.3.2.x| IT11633| fsmfix1.3.2.0_IT11633_IT11634_IT11652
Flex System Manager| 1.3.1.x| IT11633| IBM is no longer providing code updates for this release. Update to FSM 1.3.4.0 and follow the appropriate remediation for all vulnerabilities.
Flex System Manager| 1.3.0.x| IT11633| IBM is no longer providing code updates for this release. Update to FSM 1.3.4.0 and follow the appropriate remediation for all vulnerabilities.
Flex System Manager| 1.2.1.x| IT11633| Effective September 30, 2015 IBM has discontinued service for these version/release/modification/fix levels.
Flex System Manager| 1.2.0.x| IT11633| Effective September 30, 2015 IBM has discontinued service for these version/release/modification/fix levels.
Flex System Manager| 1.1.x.x| IT11633| Effective April 30, 2015 IBM has discontinued service for these version/release/modification/fix levels.

Workarounds and Mitigations

None

CPE Name| Operator| Version
---|---|---
flex system manager node| eq| any