Multiple vulnerabilities in IBM Security Verify Access



Published: 2022-07-07
Risk: High
Patch available: YES
Number of vulnerabilities: 11
CVE-ID: CVE-2018-20574, CVE-2019-6285, CVE-2018-20573, CVE-2017-11692, CVE-2010-4021, CVE-2010-1324, CVE-2010-4020, CVE-2010-1323, CVE-2018-5730, CVE-2018-20217, CVE-2020-28196
CWE-ID: CWE-119, CWE-617, CWE-16, CWE-310, CWE-264, CWE-674
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: IBM Security Verify Access (Server applications / Remote management servers, RDP, SSH)
Vendor: IBM Corporation

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU36263

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20574

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Verify Access: 10.0.0 - 10.0.4.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-found-in-open-source-code-that-is-shipped-with-ibm-security-verify-access/
http://www.ibm.com/support/pages/node/6601733


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU36239

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6285

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Verify Access: 10.0.0 - 10.0.4.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-found-in-open-source-code-that-is-shipped-with-ibm-security-verify-access/
http://www.ibm.com/support/pages/node/6601733


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU36262

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20573

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Verify Access: 10.0.0 - 10.0.4.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-found-in-open-source-code-that-is-shipped-with-ibm-security-verify-access/
http://www.ibm.com/support/pages/node/6601733


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Reachable Assertion

EUVDB-ID: #VU64983

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-11692

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in the Token& Scanner::peek() function in scanner.cpp in yaml-cpp. A remote attacker can send a specially crafted !2 string and perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Verify Access: 10.0.0 - 10.0.4.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-found-in-open-source-code-that-is-shipped-with-ibm-security-verify-access/
http://www.ibm.com/support/pages/node/6601733


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Configuration

EUVDB-ID: #VU64985

Risk: Low

CVSSv3.1: 2.3 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-4021

CWE-ID: CWE-16 - Configuration

Exploit availability: No

Description

The vulnerability allows a remote user to modify files on the system.

The vulnerability exists because MIT Kerberos 5 does not properly restrict the use of TGT credentials for armoring TGS requests. A remote authenticated user can impersonate a client by rewriting an inner request, aka a KrbFastReq forgery issue.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Verify Access: 10.0.0 - 10.0.4.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-found-in-open-source-code-that-is-shipped-with-ibm-security-verify-access/
http://www.ibm.com/support/pages/node/6601733


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Cryptographic issues

EUVDB-ID: #VU64988

Risk: High

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-1324

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to modify files on the system.

The vulnerability exists because MIT Kerberos 5 does not properly determine the acceptability of checksums. A remote attacker can forge GSS tokens, gain privileges, or have unspecified other impact via an unkeyed checksum, an unkeyed PAC checksum, or a KrbFastArmoredReq checksum based on an RC4 key.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Verify Access: 10.0.0 - 10.0.4.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-found-in-open-source-code-that-is-shipped-with-ibm-security-verify-access/
http://www.ibm.com/support/pages/node/6601733


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Cryptographic issues

EUVDB-ID: #VU64997

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-4020

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists because MIT Kerberos 5 does not reject RC4 key-derivation checksums. A remote user can forge an AD-SIGNEDPATH or AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Verify Access: 10.0.0 - 10.0.4.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-found-in-open-source-code-that-is-shipped-with-ibm-security-verify-access/
http://www.ibm.com/support/pages/node/6601733


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Cryptographic issues

EUVDB-ID: #VU64989

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-1323

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the target system.

The vulnerability exists because MIT Kerberos 5 does not properly determine the acceptability of checksums. A remote attacker can modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that are unkeyed or use RC4 keys.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Verify Access: 10.0.0 - 10.0.4.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-found-in-open-source-code-that-is-shipped-with-ibm-security-verify-access/
http://www.ibm.com/support/pages/node/6601733


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Security restrictions bypass

EUVDB-ID: #VU11076

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5730

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on a targeted system.

The weakness exists due to insufficient security restrictions. A remote attacker can add crafted principals to the Lightweight Directory Access Protocol (LDAP) database and bypass a DN containership check.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Verify Access: 10.0.0 - 10.0.4.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-found-in-open-source-code-that-is-shipped-with-ibm-security-verify-access/
http://www.ibm.com/support/pages/node/6601733


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Reachable Assertion

EUVDB-ID: #VU17350

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20217

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in the KDC. A remote attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4) and crash the KDC by making an S4U2Self request.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Verify Access: 10.0.0 - 10.0.4.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-found-in-open-source-code-that-is-shipped-with-ibm-security-verify-access/
http://www.ibm.com/support/pages/node/6601733


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Uncontrolled Recursion

EUVDB-ID: #VU48444

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-28196

CWE-ID: CWE-674 - Uncontrolled Recursion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion in MIT Kerberos 5 (aka krb5) implementation when processing ASN.1-encoded Kerberos messages in lib/krb5/asn.1/asn1_encode.c. A remote attacker can pass specially crafted data to the application that uses Kerberos and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Security Verify Access: 10.0.0 - 10.0.4.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-found-in-open-source-code-that-is-shipped-with-ibm-security-verify-access/
http://www.ibm.com/support/pages/node/6601733


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


