Multiple vulnerabilities in QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter

1) Buffer overflow

EUVDB-ID: #VU9595

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3738

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to buffer overflow in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. A remote attacker can cause the server to share the DH1024 private key among multiple clients and perform attack on TLS.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter: before 7.10.1.46.00

QLogic Virtual Fabric Extension Module for IBM BladeCenter: before 9.0.3.23.00

External links

http://www.ibm.com/support/pages/node/888295

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU2972

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-0701

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to DH_check_pub_key() function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter: before 7.10.1.46.00

QLogic Virtual Fabric Extension Module for IBM BladeCenter: before 9.0.3.23.00

External links

http://www.ibm.com/support/pages/node/888295

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU9594

Risk: Medium

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3737

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information on the target system.

The weakness exists due to an "error state mechanism" when SSL_read() or SSL_write() is called directly after SSL object. A remote attacker can a specially crafted input, trigger a fatal error during a handshake and return it in the initial function call to access or modify sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter: before 7.10.1.46.00

QLogic Virtual Fabric Extension Module for IBM BladeCenter: before 9.0.3.23.00

External links

http://www.ibm.com/support/pages/node/888295

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.