Multiple vulnerabilities in IBM BladeCenter Advanced Management Module (AMM)
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2014-6277 CVE-2014-6278 CVE-2016-0634 CVE-2016-7543 |
| CWE-ID | CWE-119 CWE-77 CWE-20 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild. |
| Vulnerable software Subscribe |
IBM BladeCenter Advanced Management Module Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU5310
Risk: Critical
CVSSv3.1: 9.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2014-6277
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect parsing of environment variables. A remote attacker can trigger memory corruption and execute arbitrary code on the target system as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. The vulnerability was introduced by incorrect patching of vulnerabilities #1 (CVE-2014-6271) and #2 (CVE-2014-7169).
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: this vulnerability was being actively exploited in the wild.
Mitigation
Install update from vendor's website.
Vulnerable software versionsIBM BladeCenter Advanced Management Module: before BPET68C-3.68C
External linkshttp://www.ibm.com/support/pages/node/868700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
2) Command injection
EUVDB-ID: #VU5322
Risk: Critical
CVSSv3.1: 9.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2014-6278
CWE-ID:
CWE-77 - Command injection
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an incomplete fix related to the parsing of user scripts. By using attack vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, a remote attacker can execute arbitrary code with privileges of the current user. The vulnerability was introduced by incorrect patching of vulnerabilities #1 (CVE-2014-6271), #2 (CVE-2014-7169) and #3 (CVE-2014-6277)
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: this vulnerability was being actively exploited.
Mitigation
Install update from vendor's website.
Vulnerable software versionsIBM BladeCenter Advanced Management Module: before BPET68C-3.68C
External linkshttp://www.ibm.com/support/pages/node/868700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
3) Improper input validation
EUVDB-ID: #VU13103
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-0634
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The vulnerability exists in the expansion of 'h' in the prompt string due to insufficient validation of user-supplied input. A remote attacker can place shell metacharacters in 'hostname' of a machine and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM BladeCenter Advanced Management Module: before BPET68C-3.68C
External linkshttp://www.ibm.com/support/pages/node/868700
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Command injection
EUVDB-ID: #VU13104
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7543
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary commands on the target system.
Install update from vendor's website.
Vulnerable software versionsIBM BladeCenter Advanced Management Module: before BPET68C-3.68C
External linkshttp://www.ibm.com/support/pages/node/868700
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
