SB2015042110 - Multiple vulnerabilities in IBM Integrated Management Module (IMM)
Published: April 21, 2015 Updated: October 25, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2015-0209)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c. A remote attacker can perform a denial of service (DoS) attack or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.
2) Input validation error (CVE-ID: CVE-2015-0293)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the SSLv2 implementation. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
3) Buffer overflow (CVE-ID: CVE-2015-0292)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a boundary error in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation. A remote attacker can trigger memory corruption and perform a denial of service (DoS) attack or possibly have unspecified other impact.
4) NULL pointer dereference (CVE-ID: CVE-2015-0289)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the PKCS#7 implementation. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2015-0288)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the X509_to_X509_REQ function in crypto/x509/x509_req.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
6) Buffer overflow (CVE-ID: CVE-2015-0287)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.
7) Input validation error (CVE-ID: CVE-2015-0286)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the affected device does not properly perform boolean-type comparisons within the ASN1_TYPE_cmp function in crypto/asn1/a_type.c. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
8) Resource management error (CVE-ID: CVE-2015-1788)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application in the BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
9) Race condition (CVE-ID: CVE-2015-3216)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL. A local user can exploit the race and cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.
10) Resource management error (CVE-ID: CVE-2015-1792)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the do_free_upto function in crypto/cms/cms_smime.c in OpenSSL. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack via vectors that trigger a NULL value of a BIO data structure.
11) Race condition (CVE-ID: CVE-2015-1791)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL. A local user can exploit the race and cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
12) NULL pointer dereference (CVE-ID: CVE-2015-1790)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
13) Buffer overflow (CVE-ID: CVE-2015-1789)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the X509_cmp_time function in crypto/x509/x509_vfy.c. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.
14) Man-in-the-middle attack (CVE-ID: CVE-2015-4000)
The vulnerability allows a remote attacker to decrypt TLS connections in certain situations.The vulnerability exists due to boundary error when parsing HTTP requests. A remote unauthenticated attacker can conduct a man-in-the-middle attack that can lead to the target system to downgrade the Diffie-Hellman algorithm to 512-bit export-grade cryptography.
Successful exploitation of this vulnerability may result in modification of authentication information
Remediation
Install update from vendor's website.