Lucene search

K
ibmIBMF2BC67EAFE3FB2B6D727749BE51CA6E2C0B10F71672B140D5EFF2E7D2355E378
HistoryMar 01, 2019 - 2:00 p.m.

Security Bulletin: Public disclosed vulnerabilities from Jackson-databind affects IBM Spectrum LSF

2019-03-0114:00:01
www.ibm.com
8

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.939 High

EPSS

Percentile

99.1%

Summary

Public disclosed vulnerabilities from Jackson-databind affects IBM Spectrum LSF: CVE-2017-7525, CVE-2017-15095, CVE-2017-17485, CVE-2018-5968, CVE-2018-7489

Vulnerability Details

CVE-2017-7525

Jackson-databind (Also implemented in JBoss BPM Suite) is vulnerable to remote code execution when deserializing via the readValue() method of ObjectMapper.

CVE-2017-15095

An unauthenticated attacker can create a specially crafted payload that when deserialized in Jackson-databind can lead to Code Execution.

CVE-2017-17485

Deserialization of untrusted user data in Jackson Databind could allow an attacker to perform PHP Object Injection resulting in Remote Code Execution. This issue exists because of an incomplete fix for CVE-2017-7525 which the vendor tried to address through an incomplete blocklist.

CVE-2018-5968

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blocklist.

CVE-2018-7489

FasterXML jackson-databind contains a remote code execution (RCE) vulnerability due to an incomplete fix for the CVE-2017-7525 deserialization flaw. An unauthenticated attacker can exploit this vulnerability via readValue method to execute arbitrary code.

Affected Products and Versions

IBM Spectrum LSF 10.0.0.4
IBM Spectrum LSF 10.0.0.5
IBM Spectrum LSF 10.0.0.6
IBM Spectrum LSF 10.0.0.7

Remediation/Fixes

Product

|

VRMF

|

APAR

|

Remediation / First Fix

—|—|—|—

LSF

|

10.1.0.4

|

None

|

See fix below

LSF

|

10.1.0.5

|

None

|

See fix below

LSF

|

10.1.0.6

|

None

|

See fix below

LSF

|

10.1.0.7

|

None

|

See fix below

Download Fix 512358 from the following location:
http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+LSF&release=All&platform=All&function=fixId&fixids=lsf-10.1-build512358&includeSupersedes=0

  1. Go to the patch install directory: cd $LSF_ENVDIR/…/10.1/install/

  2. Copy the patch file to the install directory $LSF_ENVDIR/…/10.1/install/

  3. Run patchinstall: ./patchinstall <patch>

  4. Run “badmin mbdrestart”

Workarounds and Mitigations

CPENameOperatorVersion
platform lsfeqany

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.939 High

EPSS

Percentile

99.1%