SB2017050817 - Multiple vulnerabilities in SAN Volume Controller, Storwize family and FlashSystem V9000 products
Published: May 8, 2017 Updated: February 27, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 vulnerabilities.
1) Integer overflow in ssl3_get_client_hello() (CVE-ID: CVE-2016-2177)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause denial of service conditions on the target system.
The vulnerability exists due to a boundary error in ssl3_get_client_hello() function. A remote attacker can cause integer overflow by sending specially crafted data and crash the service.
Successful exploitation of this vulnerability may cause the target service to crash.
2) Observable discrepancy (CVE-ID: CVE-2016-2178)
CWE-ID: CWE-203 - Observable discrepancy
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to perform timing attack.
The vulnerability exists due to an error within the dsa_sign_setup() function in crypto/dsa/dsa_ossl.c. A local user can obtain a DSA private key via a timing side-channel attack.
3) Information disclosure (CVE-ID: CVE-2016-2183)
CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote attacker to decrypt transmitted data.
The vulnerability exists due to remote user's ability to control the network and capture long duration 3DES CBC mode encrypted session during which he can see a part of the text. In case of repeated sending the attacker can read the part and reconstruct the whole text.
Successful exploitation of this vulnerability may allow a remote attacker to decode transmitted data. This vulnerability is known as SWEET32.
4) Out-of-bounds read (CVE-ID: CVE-2016-6302)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when handling SHA512 TLS session tickets. A remote attacker can send specially crafted packets to the system, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
5) Resource exhaustion (CVE-ID: CVE-2016-6304)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management in OCSP stapling implementation in OpenSSL. A remote attacker can multiple requests with a large OCSP Status Request extension and consume all available memory on the system.
6) Denial of service (CVE-ID: CVE-2016-6306)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakess exists due insufficient length validation of certain TLS/SSL protocol handshake messages. By causing out-of-bounds read error attackers can trigger the affected service deny.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.
Remediation
Install update from vendor's website.