IBM Support

Security Bulletin: IBM Communications Server for Data Center Deployment, IBM Communications Server for AIX, IBM Communications Server for Linux, and IBM Communications Server for Linux on System z are affected by a vulnerability.

Security Bulletin


Summary

IBM Communications Server for Data Center Deployment, IBM Communications Server for AIX, IBM Communications Server for Linux, and IBM Communications Server for Linux on System z have addressed the following vulnerability:
CVE-2018-1447 GSKit and GSKit-Crypto Security Advisory December 2017 Part 1

Vulnerability Details

CVEID: CVE-2018-1447
DESCRIPTION:
The GSKit CMS KDB logic fails to salt the hash function, resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After updating, the customer should change the password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high-priority action.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139972 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected IBM Communications Server for Linux & CS for Linux on System z | Affected Versions |
| --- | --- |
| Communications Server for Data Center Deployment | 700 |
| Communications Server for AIX | 640 |
| Communications Server for Linux | 640 |
| Communications Server for Linux on System z | 640 |

Remediation/Fixes

| Product | VRMF | APAR | Remediation / First Fix |
| --- | --- | --- | --- |
| Communications Server for Data Center Deployment | 7.0.0.4 | (AIX) IJ03789; (LINUX) LI79870 | (AIX) Link to FIX; (LINUX) Link to FIX on i686, Link to FIX on x86_64, Link to FIX on ppc, Link to FIX on s390x |
| Communications Server for AIX | 6.4.0.7 | IJ03797 | Link to FIX |
| Communications Server for Linux | 6.4.0.7 | LI79880 | Link to FIX on i686, Link to FIX on x86_64, Link to FIX on ppc |
| Communications Server for Linux on System z | 6.4.0.7 | LI79891 | Link to FIX |

Workarounds and Mitigations

None

References

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Information

Modified date: 03 August 2018

UID: swg22013978