SB2018042481 - Multiple vulnerabilities in IBM Flex System Chassis Management Module (CMM)

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018042481

SB2018042481 - Multiple vulnerabilities in IBM Flex System Chassis Management Module (CMM)

Published: April 24, 2018 Updated: February 17, 2025

Security Bulletin ID SB2018042481
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 25% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2018-1000120)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow. A remote attacker that can control the paths that curl uses for FTP can create specially crafted path names containing the control characters '%00', trigger memory corruption and execute arbitrary code.



2) Null pointer dereference (CVE-ID: CVE-2018-1000121)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to NULL pointer dereference in ldap_get_attribute_ber(). A remote attacker can return a specially crafted redirect to an LDAP URL, trigger NULL pointer dereference and cause the service to crash.//

3) Buffer over-read (CVE-ID: CVE-2018-1000122)

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition.

The weakness exists due to buffer over-read. A remote attacker can cause the target application to trigger a buffer copy error in processing RTSP URLs and cause the application to crash or access potentially sensitive information on the target system.

4) Heap-based buffer over-read (CVE-ID: CVE-2018-1000301)

The vulnerability allows a remote attacker to obtain potentially sensitive information and cause DoS condition on the target system.

The weakness exists due to heap-based buffer over-read. When servers send RTSP responses back to curl, the data starts out with a set of headers. curl parses that data to separate it into a number of headers to deal with those appropriately and to find the end of the headers that signal the start of the "body" part. The function that splits up the response into headers is called Curl_http_readwrite_headers() and in situations where it can't find a single header in the buffer, it might end up leaving a pointer pointing into the buffer instead of to the start of the buffer which then later on may lead to an out of buffer read when code assumes that pointer points to a full buffer size worth of memory to use. A remote attacker can gain access to potentially sensitive information and cause the service to crash.

Remediation

Install update from vendor's website.

References