SB2015042111 - Multiple vulnerabilities in IBM Integrated Management Module II (IMM2) 




Published: April 21, 2015 Updated: October 27, 2023

Security Bulletin ID: SB2015042111
Severity: High
Patch available: YES
Number of vulnerabilities: 11
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

High 9%, Medium 73%, Low 18%

Description

This security bulletin contains information about 11 security vulnerabilities.


1) Man-in-the-middle attack (CVE-ID: CVE-2015-4000)

The vulnerability allows a remote attacker to decrypt TLS connections in certain situations.

The vulnerability exists due to a boundary error when parsing HTTP requests. A remote unauthenticated attacker can conduct a man-in-the-middle attack that causes the target system to downgrade the Diffie-Hellman algorithm to 512-bit export-grade cryptography.

Successful exploitation of this vulnerability may result in modification of authentication information.

2) Buffer overflow (CVE-ID: CVE-2014-8176)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.


3) Buffer overflow (CVE-ID: CVE-2015-1789)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the X509_cmp_time function in crypto/x509/x509_vfy.c. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.


4) NULL pointer dereference (CVE-ID: CVE-2015-1790)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


5) Race condition (CVE-ID: CVE-2015-1791)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL. A local user can exploit the race and cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.


6) Resource management error (CVE-ID: CVE-2015-1792)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the do_free_upto function in crypto/cms/cms_smime.c in OpenSSL. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack via vectors that trigger a NULL value of a BIO data structure.


7) Resource management error (CVE-ID: CVE-2015-1788)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application in the BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


8) Buffer overflow (CVE-ID: CVE-2015-1781)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6). A remote attacker can create a specially crafted file and execute arbitrary code on the target system.


9) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2013-2207)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.


10) Infinite loop (CVE-ID: CVE-2014-8121)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop. A remote attacker can cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.


11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2015-5600)

The vulnerability allows a remote non-authenticated attacker to conduct brute-force attacks or cause a denial of service.

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.


Remediation

Install the update from the vendor's website.