Multiple vulnerabilities in Multiple N series Products
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109 CVE-2016-2176 CVE-2016-2108 |
| CWE-ID | CWE-284 CWE-20 CWE-119 CWE-126 CWE-120 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Data ONTAP operating in 7-Mode Operating systems & Components / Operating system package or component SnapDrive for Unix Other software / Other software solutions SnapDrive for Windows Other software / Other software solutions |
| Vendor | NetApp |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Traffic decryption
EUVDB-ID: #VU639
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2016-2107
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: Yes
DescriptionThe vulnerability allows a remote user to decrypt traffic on the target system.
The weakness is due to access control error.If the connection uses an AES CBC cipher and the server support AES-NI attackers can perform padding oracle attack.
Successful exploitation of the vulnerability leads to traffic decryption on the vulnerable system.
Install update from vendor's website.
Vulnerable software versionsData ONTAP operating in 7-Mode: 8.2.1 - 8.2.4
SnapDrive for Unix: 5.2 - 5.3
SnapDrive for Windows: 7.1.1 - 7.1.3
External linkshttp://www.ibm.com/support/pages/node/698395
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Heap overflow
EUVDB-ID: #VU640
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2105
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote user to cause heap overflow on the target system.
The weakness is caused by insufficient input validation. By sending a great deal of input data attackers are able to cause overflow of the EVP_EncodeUpdate() function used for binary data encoding.
Successful exploitation of the vulnerability may result in heap overflow on the vulnerable system.
Install update from vendor's website.
Vulnerable software versionsData ONTAP operating in 7-Mode: 8.2.1 - 8.2.4
SnapDrive for Unix: 5.2 - 5.3
SnapDrive for Windows: 7.1.1 - 7.1.3
External linkshttp://www.ibm.com/support/pages/node/698395
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU33809
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2106
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
MitigationInstall update from vendor's website.
Vulnerable software versionsData ONTAP operating in 7-Mode: 8.2.1 - 8.2.4
SnapDrive for Unix: 5.2 - 5.3
SnapDrive for Windows: 7.1.1 - 7.1.3
External linkshttp://www.ibm.com/support/pages/node/698395
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Excessive memory allocation
EUVDB-ID: #VU641
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2109
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to cause excessive memory allocation on the target system.
The weakness exists during reading ASN.1 data by d2i_CMS_bio() function. A short invalid encoding leads to distribution of large amounts of memory for excessive resources or exhausting memory.
Successful exploitation of the vulnerability may result in excessive memory allocation.
Install update from vendor's website.
Vulnerable software versionsData ONTAP operating in 7-Mode: 8.2.1 - 8.2.4
SnapDrive for Unix: 5.2 - 5.3
SnapDrive for Windows: 7.1.1 - 7.1.3
External linkshttp://www.ibm.com/support/pages/node/698395
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer Over-read
EUVDB-ID: #VU642
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2176
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote to cause buffer over-read on the target system.
The weakness exists due to overread in applications using the X509_NAME_oneline() function on EBCDIC systems. The vulnerability leads to arbitrary stack data return to the buffer.
Successful exploitation of the weakness results in buffer over-read on the vulnerable system.
Install update from vendor's website.
Vulnerable software versionsData ONTAP operating in 7-Mode: 8.2.1 - 8.2.4
SnapDrive for Unix: 5.2 - 5.3
SnapDrive for Windows: 7.1.1 - 7.1.3
External linkshttp://www.ibm.com/support/pages/node/698395
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory corruption
EUVDB-ID: #VU638
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2108
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote user to cause memory corruption on the target system.
The weakness exists due to buffer underflow with an out-of-bounds write in i2c_ASN1_INTEGER. As ASN.1 parser (specifically, d2i_ASN1_TYPE) can misinterpret a large universal tag as a negative zero value, attacker may easily corrupt memory.
Successful exploitation of the vulnerability will allow a malicious user to trigger memory corruption on the vulnerable system.
Install update from vendor's website.
Vulnerable software versionsData ONTAP operating in 7-Mode: 8.2.1 - 8.2.4
SnapDrive for Unix: 5.2 - 5.3
SnapDrive for Windows: 7.1.1 - 7.1.3
External linkshttp://www.ibm.com/support/pages/node/698395
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
