Multiple vulnerabilities in IBM FlashSystem models 840 and 900
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2016-2177 CVE-2016-2178 CVE-2016-2182 CVE-2016-6302 CVE-2016-6304 CVE-2016-6306 |
| CWE-ID | CWE-119 CWE-494 CWE-203 CWE-787 CWE-125 CWE-400 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
FlashSystem 840 9840-AE1 & 9843-AE1 Other software / Other software solutions FlashSystem 900 9840-AE2 and 9843-AE2 Hardware solutions / Firmware |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Integer overflow in ssl3_get_client_hello()
EUVDB-ID: #VU24
Risk: Medium
CVSSv3.1: 4.6 [AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2177
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause denial of service conditions on the target system.
The vulnerability exists due to a boundary error in ssl3_get_client_hello() function. A remote attacker can cause integer overflow by sending specially crafted data and crash the service.
Successful exploitation of this vulnerability may cause the target service to crash.
Install update from vendor's website.
Vulnerable software versionsFlashSystem 840 9840-AE1 & 9843-AE1: All versions
FlashSystem 900 9840-AE2 and 9843-AE2: All versions
External linkshttp://www.ibm.com/support/pages/node/697167
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Observable discrepancy
EUVDB-ID: #VU1589
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2178
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform timing attack.
The vulnerability exists due to an error within the dsa_sign_setup() function in crypto/dsa/dsa_ossl.c. A local user can obtain a DSA private key via a timing side-channel attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsFlashSystem 840 9840-AE1 & 9843-AE1: All versions
FlashSystem 900 9840-AE2 and 9843-AE2: All versions
External linkshttp://www.ibm.com/support/pages/node/697167
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds write
EUVDB-ID: #VU1968
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2182
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within the BN_bn2dec() function in crypto/bn/bn_print.c in OpenSSL. A remote attacker can send specially crafted data to the server, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsFlashSystem 840 9840-AE1 & 9843-AE1: All versions
FlashSystem 900 9840-AE2 and 9843-AE2: All versions
External linkshttp://www.ibm.com/support/pages/node/697167
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU814
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6302
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when handling SHA512 TLS session tickets. A remote attacker can send specially crafted packets to the system, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsFlashSystem 840 9840-AE1 & 9843-AE1: All versions
FlashSystem 900 9840-AE2 and 9843-AE2: All versions
External linkshttp://www.ibm.com/support/pages/node/697167
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource exhaustion
EUVDB-ID: #VU646
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6304
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource management in OCSP stapling implementation in OpenSSL. A remote attacker can multiple requests with a large OCSP Status Request extension and consume all available memory on the system.
Install update from vendor's website.
Vulnerable software versionsFlashSystem 840 9840-AE1 & 9843-AE1: All versions
FlashSystem 900 9840-AE2 and 9843-AE2: All versions
External linkshttp://www.ibm.com/support/pages/node/697167
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Denial of service
EUVDB-ID: #VU816
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6306
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakess exists due insufficient length validation of certain TLS/SSL protocol handshake messages. By causing out-of-bounds read error attackers can trigger the affected service deny.
Successful exploitation of the vulnerability will result in denial of service on the vulnerable system.
Install update from vendor's website.
Vulnerable software versionsFlashSystem 840 9840-AE1 & 9843-AE1: All versions
FlashSystem 900 9840-AE2 and 9843-AE2: All versions
External linkshttp://www.ibm.com/support/pages/node/697167
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
