SB2014042122 - Multiple vulnerabilities in IBM BladeCenter Advanced Management Module
Published: April 21, 2014 Updated: February 22, 2024
Security Bulletin ID
SB2014042122
Severity
High
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Denial of service (CVE-ID: CVE-2013-5211)
The vulnerability allows a remote attacker to cause DoS conditions on the target system.The weakness exists due to an error in the monlist feature in ntp_request.c. By sending a specially crafted REQ_MON_GETLIST or REQ_MON_GETLIST_1 request, a remote attacker can consume available CPU resources and cause the server to crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Note: the vulnerability was being actively exploited.
2) Cryptographic issues (CVE-ID: CVE-2013-6718)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can discover account names and passwords via use of an unspecified interface.
Remediation
Install update from vendor's website.