Multiple vulnerabilities in IBM Spectrum Copy Data Management
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2022-1729 CVE-2021-3759 CVE-2022-32250 CVE-2022-2068 CVE-2020-28915 CVE-2022-2097 CVE-2022-1012 CVE-2022-27666 CVE-2022-1292 |
| CWE-ID | CWE-362 CWE-400 CWE-416 CWE-78 CWE-126 CWE-311 CWE-401 CWE-122 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #9 is available. |
| Vulnerable software Subscribe |
IBM Spectrum Copy Data Management Server applications / Other server solutions |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Race condition
EUVDB-ID: #VU64156
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1729
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within sys_perf_event_open() in Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Spectrum Copy Data Management: 2.2.0 - 2.2.16
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-linux-kernel-and-openssl-may-affect-ibm-spectrum-copy-data-management/
http://www.ibm.com/support/pages/node/6619903
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource exhaustion
EUVDB-ID: #VU63914
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3759
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists in the Linux kernel’s ipc functionality of the memcg subsystem when user calls the semget function multiple times, creating semaphores. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Spectrum Copy Data Management: 2.2.0 - 2.2.16
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-linux-kernel-and-openssl-may-affect-ibm-spectrum-copy-data-management/
http://www.ibm.com/support/pages/node/6619903
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU64668
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-32250
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free incorrect NFT_STATEFUL_EXPR in net/netfilter/nf_tables_api.c in Linux kernel. A local user with ability to create user/net namespaces can execute arbitrary code with root privileges.
Install update from vendor's website.
Vulnerable software versionsIBM Spectrum Copy Data Management: 2.2.0 - 2.2.16
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-linux-kernel-and-openssl-may-affect-ibm-spectrum-copy-data-management/
http://www.ibm.com/support/pages/node/6619903
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) OS Command Injection
EUVDB-ID: #VU64559
Risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2068
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.
The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).
Install update from vendor's website.
Vulnerable software versionsIBM Spectrum Copy Data Management: 2.2.0 - 2.2.16
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-linux-kernel-and-openssl-may-affect-ibm-spectrum-copy-data-management/
http://www.ibm.com/support/pages/node/6619903
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer Over-read
EUVDB-ID: #VU64793
Risk: Low
CVSSv3.1: 5.1 [CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28915
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a local user with physical access to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds (OOB) memory access flaw in fbcon_get_font() function in drivers/video/fbdev/core/fbcon.c in fbcon driver module in the Linux kernel. A local user with special user privilege and with physical access can gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Spectrum Copy Data Management: 2.2.0 - 2.2.16
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-linux-kernel-and-openssl-may-affect-ibm-spectrum-copy-data-management/
http://www.ibm.com/support/pages/node/6619903
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Missing Encryption of Sensitive Data
EUVDB-ID: #VU64922
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-2097
CWE-ID:
CWE-311 - Missing Encryption of Sensitive Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation. Under specific circumstances OpenSSL does not encrypt the entire message and can reveal sixteen bytes of data that was preexisting in the memory that wasn't written. A remote attacker can gain access to potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsIBM Spectrum Copy Data Management: 2.2.0 - 2.2.16
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-linux-kernel-and-openssl-may-affect-ibm-spectrum-copy-data-management/
http://www.ibm.com/support/pages/node/6619903
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory leak
EUVDB-ID: #VU64079
Risk: Medium
CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1012
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient randomization in the net/ipv4/tcp.c when calculating port offsets in Linux kernel cause by small table perturb size. A remote attacker can cause memory leak and gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Spectrum Copy Data Management: 2.2.0 - 2.2.16
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-linux-kernel-and-openssl-may-affect-ibm-spectrum-copy-data-management/
http://www.ibm.com/support/pages/node/6619903
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Heap-based buffer overflow
EUVDB-ID: #VU61672
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-27666
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c in Linux kernel. A local unprivileged user can pass specially crafted data to the system, trigger a heap-based buffer overflow and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsIBM Spectrum Copy Data Management: 2.2.0 - 2.2.16
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-linux-kernel-and-openssl-may-affect-ibm-spectrum-copy-data-management/
http://www.ibm.com/support/pages/node/6619903
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) OS Command Injection
EUVDB-ID: #VU62765
Risk: Medium
CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-1292
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.
Install update from vendor's website.
Vulnerable software versionsIBM Spectrum Copy Data Management: 2.2.0 - 2.2.16
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-linux-kernel-and-openssl-may-affect-ibm-spectrum-copy-data-management/
http://www.ibm.com/support/pages/node/6619903
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
