Multiple vulnerabilities in IBM BladeCenter Advanced Management Module (AMM)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2015-3194 CVE-2015-3195 CVE-2015-3196 CVE-2016-0702 CVE-2016-0705 CVE-2016-0797 |
| CWE-ID | CWE-476 CWE-200 CWE-362 CWE-415 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
IBM BladeCenter Advanced Management Module Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU77550
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-3194
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in crypto/rsa/rsa_ameth.c in OpenSSL. A remote attacker can trigger denial of service conditions via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM BladeCenter Advanced Management Module: before 3.66u
External linkshttp://www.ibm.com/support/pages/node/868522
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU77552
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-3195
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists in the ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL. A remote attacker can gain unauthorized access to sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM BladeCenter Advanced Management Module: before 3.66u
External linkshttp://www.ibm.com/support/pages/node/868522
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Race condition
EUVDB-ID: #VU77556
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-3196
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the ssl/s3_clnt.c in OpenSSL when used for a multi-threaded client. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system via a crafted ServerKeyExchange message.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM BladeCenter Advanced Management Module: before 3.66u
External linkshttp://www.ibm.com/support/pages/node/868522
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU1962
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0702
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to decrypt data passed via encrypted SSL connection.
The vulnerability exists in the MOD_EXP_CTIME_COPY_FROM_PREBUF() function in crypto/bn/bn_exp.c. The application does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts.
The vulnerability was dubbed "CacheBleed".
Install update from vendor's website.
Vulnerable software versionsIBM BladeCenter Advanced Management Module: before 3.66u
External linkshttp://www.ibm.com/support/pages/node/868522
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Double free error
EUVDB-ID: #VU1622
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0705
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists due to double-free error when parsing DSA private keys. A remote attacker can trigger memory corruption and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsIBM BladeCenter Advanced Management Module: before 3.66u
External linkshttp://www.ibm.com/support/pages/node/868522
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU32244
Risk: Medium
CVSSv3.1: 6.5 [AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0797
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM BladeCenter Advanced Management Module: before 3.66u
External linkshttp://www.ibm.com/support/pages/node/868522
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
