Multiple vulnerabilities in IBM Tivoli Directory



Published: 2018-12-14
Risk Low
Patch available YES
Number of vulnerabilities 5
CVE ID CVE-2018-1388
CVE-2018-1427
CVE-2018-1426
CVE-2016-0702
CVE-2018-1447
CWE ID CWE-208
CWE-190
CWE-338
CWE-200
CWE-521
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
IBM Tivoli Directory Server
Server applications / Directory software, identity management

Vendor IBM Corporation

Security Advisory

1) Information disclosure through timing discrepancy

Risk: Low

CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-1388

CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to disclosure of side channel information via discrepancies between valid and invalid PKCS#1 padding. A remote attacker can gain access to potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Tivoli Directory Server: 6.2, 6.3.0.0

CPE External links

http://aix.software.ibm.com/aix/efixes/security/itds_advisory2.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

Risk: Low

CVSSv3: 5.4 [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-1427

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to IBM GSKit contains several environment variables. A local attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Tivoli Directory Server: 6.2, 6.3.0.0

CPE External links

http://aix.software.ibm.com/aix/efixes/security/itds_advisory2.asc

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of cryptographically weak PRNG

Risk: Low

CVSSv3: 6.4 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-1426

CWE-ID: CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists due to IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which can result in duplicate Session IDs and a risk of duplicate key material. A remote attacker can gain access to potentially sensitive information and write arbitrary files.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Tivoli Directory Server: 6.2, 6.3.0.0

CPE External links

http://aix.software.ibm.com/aix/efixes/security/itds_advisory2.asc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

Risk: Low

CVSSv3: 4.1 [CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-0702

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to decrypt data passed via encrypted SSL connection.

The vulnerability exists in the MOD_EXP_CTIME_COPY_FROM_PREBUF() function in crypto/bn/bn_exp.c. The application does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts.

The vulnerability was dubbed "CacheBleed".

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Tivoli Directory Server: 6.2, 6.3.0.0

CPE External links

http://aix.software.ibm.com/aix/efixes/security/itds_advisory2.asc

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Weak passwords requirements

Risk: Low

CVSSv3: 4.5 [CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-1447

CWE-ID: CWE-521 - Weak Password Requirements

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. A local attacker can gain access to potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Tivoli Directory Server: 6.2, 6.3.0.0

CPE External links

http://aix.software.ibm.com/aix/efixes/security/itds_advisory2.asc

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###