Multiple vulnerabilities in IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module



Published: 2015-04-21 | Updated: 2023-07-19
Risk: Medium
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792
CWE-ID: CWE-300, CWE-399, CWE-119, CWE-476, CWE-362
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software
QLogic Virtual Fabric Extension Module for IBM BladeCenter
Hardware solutions / Other hardware appliances

QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter
Hardware solutions / Other hardware appliances

Flex System FC3171 8Gb SAN Switch and SAN Pass-thru
Other software / Other software solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Man-in-the-middle attack

EUVDB-ID: #VU86

Risk: Medium

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C]

CVE-ID: CVE-2015-4000

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to decrypt TLS connections in certain situations.

The vulnerability exists due to a boundary error when parsing HTTP requests. A remote unauthenticated attacker can conduct a man-in-the-middle attack that causes the target system to downgrade the Diffie-Hellman algorithm to 512-bit export-grade cryptography.

Successful exploitation of this vulnerability may result in modification of authentication information.
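
A defender-side check for the 512-bit downgrade described above, as an added example that is not part of the original bulletin or any vendor code: it parses the Diffie-Hellman parameters from a captured TLS ServerKeyExchange body and reports the size of the prime. The function names, the 2048-bit threshold and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Assumed thresholds (not from the bulletin): groups of 512 bits or fewer are
# export-grade; anything under 2048 bits is reported as weak.
EXPORT_BITS = 512
MIN_SAFE_BITS = 2048


def parse_dhe_params(body: bytes):
    """Parse ServerDHParams (RFC 5246, section 7.4.3): three opaque fields
    dh_p, dh_g, dh_Ys, each with a 2-byte big-endian length prefix.
    Bytes after dh_Ys (the signature) are ignored."""
    values, off = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError(f"bad {name} length {n}")
        values.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return tuple(values)


def classify_dh_group(body: bytes) -> str:
    """Return a verdict string based on the bit length of the DH prime."""
    p, _g, _ys = parse_dhe_params(body)
    bits = p.bit_length()
    if bits <= EXPORT_BITS:
        return f"export-grade ({bits}-bit)"
    if bits < MIN_SAFE_BITS:
        return f"weak ({bits}-bit)"
    return f"ok ({bits}-bit)"


def constructed_sample(p_bits: int) -> bytes:
    """Build a constructed ServerDHParams body. The 'prime' is a placeholder
    with the requested bit length, not a real DH group."""
    p = ((1 << (p_bits - 1)) | 1).to_bytes((p_bits + 7) // 8, "big")
    g, ys = b"\x02", b"\x01" * len(p)
    return b"".join(struct.pack("!H", len(f)) + f for f in (p, g, ys))


if __name__ == "__main__":
    for size in (512, 1024, 2048):
        print(size, "->", classify_dh_group(constructed_sample(size)))
```
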

Mitigation

Install update from vendor's website.

Vulnerable software versions

QLogic Virtual Fabric Extension Module for IBM BladeCenter: before 9.1.5.04.00

Flex System FC3171 8Gb SAN Switch and SAN Pass-thru: before 9.1.5.04.00

QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter: before 7.10.1.35.00

External links

http://www.ibm.com/support/pages/node/868200


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

2) Resource management error

EUVDB-ID: #VU70417

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-1788

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application in the BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QLogic Virtual Fabric Extension Module for IBM BladeCenter: before 9.1.5.04.00

Flex System FC3171 8Gb SAN Switch and SAN Pass-thru: before 9.1.5.04.00

QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter: before 7.10.1.35.00

External links

http://www.ibm.com/support/pages/node/868200


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU70419

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-1789

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the X509_cmp_time function in crypto/x509/x509_vfy.c. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QLogic Virtual Fabric Extension Module for IBM BladeCenter: before 9.1.5.04.00

Flex System FC3171 8Gb SAN Switch and SAN Pass-thru: before 9.1.5.04.00

QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter: before 7.10.1.35.00

External links

http://www.ibm.com/support/pages/node/868200


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU70420

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-1790

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QLogic Virtual Fabric Extension Module for IBM BladeCenter: before 9.1.5.04.00

Flex System FC3171 8Gb SAN Switch and SAN Pass-thru: before 9.1.5.04.00

QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter: before 7.10.1.35.00

External links

http://www.ibm.com/support/pages/node/868200


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Race condition

EUVDB-ID: #VU77184

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-1791

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL. A local user can exploit the race and cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QLogic Virtual Fabric Extension Module for IBM BladeCenter: before 9.1.5.04.00

Flex System FC3171 8Gb SAN Switch and SAN Pass-thru: before 9.1.5.04.00

QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter: before 7.10.1.35.00

External links

http://www.ibm.com/support/pages/node/868200


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

EUVDB-ID: #VU77185

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-1792

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the do_free_upto function in crypto/cms/cms_smime.c in OpenSSL. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack via vectors that trigger a NULL value of a BIO data structure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QLogic Virtual Fabric Extension Module for IBM BladeCenter: before 9.1.5.04.00

Flex System FC3171 8Gb SAN Switch and SAN Pass-thru: before 9.1.5.04.00

QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter: before 7.10.1.35.00

External links

http://www.ibm.com/support/pages/node/868200


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


