Lucene search

K
nessusThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.WEBSPHERE_MQ_7010_7019.NASL
HistoryNov 29, 2012 - 12:00 a.m.

IBM WebSphere MQ 7.0 / 7.1 / 7.5 Global Security Toolkit Vulnerabilities

2012-11-2900:00:00
This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
www.tenable.com
24

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.068 Low

EPSS

Percentile

93.9%

The version of IBM WebSphere MQ server is version 7.0 without Fix Pack 7.0.1.9, 7.1 without Fix Pack 7.1.0.2 or 7.5 without Fix Pack 7.5.0.1. It is, therefore, affected by the following vulnerabilities :

  • A flaw exists in Global Security Kit (GSkit) due to a failure to properly validate data when the β€˜protection mechanism’ is executed against an SSL CBC timing attack.
    A remote attacker, using crafted values in the TLS Record Layer, can exploit this to cause a denial of service.
    (CVE-2012-2191)

  • A flaw exists in Global Security Kit (GSkit) due to a failure to properly verify certificates, which can allow a remote attacker to conduct a man-in-the-middle attack.
    (CVE-2012-2203)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(63098);
  script_version("1.6");
  script_cvs_date("Date: 2018/08/06 14:03:16");

  script_cve_id("CVE-2012-2191", "CVE-2012-2203");
  script_bugtraq_id(54743);

  script_name(english:"IBM WebSphere MQ 7.0 / 7.1 / 7.5 Global Security Toolkit Vulnerabilities");
  script_summary(english:"Checks the version of IBM WebSphere MQ.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has a service installed that has multiple
vulnerabilities within the IBM Global Security Toolkit.");
  script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere MQ server is version 7.0 without Fix
Pack 7.0.1.9, 7.1 without Fix Pack 7.1.0.2 or 7.5 without Fix Pack
7.5.0.1. It is, therefore, affected by the following vulnerabilities :

  - A flaw exists in Global Security Kit (GSkit) due to a
    failure to properly validate data when the 'protection
    mechanism' is executed against an SSL CBC timing attack.
    A remote attacker, using crafted values in the TLS Record
    Layer, can exploit this to cause a denial of service.
    (CVE-2012-2191)

  - A flaw exists in Global Security Kit (GSkit) due to a
    failure to properly verify certificates, which can allow
    a remote attacker to conduct a man-in-the-middle attack.
    (CVE-2012-2203)");
  script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21614483");
  # https://www-304.ibm.com/connections/blogs/PSIRT/entry/websphere_mq_security_bulletin_multiple_vulnerabilities_in_gskit_component7?lang=en_us
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?be2ba65d");
  script_set_attribute(attribute:"solution",value:"Apply fix pack 7.0.1.9 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_mq");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("websphere_mq_installed.nasl");
  script_require_keys("installed_sw/IBM WebSphere MQ");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

app_name = "IBM WebSphere MQ";
install  = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
version  = install['version'];
path     = install['path'];
type     = install['Type'];
fix      = FALSE;
fixes    = make_array(
  "^7\.0\.1\.", "7.0.1.9",
  "^7\.1\.0\.", "7.1.0.2",
  "^7\.5\.0\.", "7.5.0.1"
);

# Only server
if (tolower(type) != "server")
  audit(AUDIT_HOST_NOT,app_name+" Server");

# Find the fix for our version
foreach fixcheck (keys(fixes))
{
  if(version =~ fixcheck)
  {
    fix = fixes[fixcheck];
    break;
  }
}

# Version not affected
if(!fix)
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);

# Check affected version
if(ver_compare(ver:version, fix:fix, strict:FALSE) == -1)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;
  if (report_verbosity > 0)
  {
    report = 
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_hole(extra:report, port:port);
  }
  else security_hole(port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);
VendorProductVersionCPE
ibmwebsphere_mqcpe:/a:ibm:websphere_mq

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.068 Low

EPSS

Percentile

93.9%

Related for WEBSPHERE_MQ_7010_7019.NASL