Security Bulletin
Summary
Rational DOORS has addressed the following vulnerabilities
Vulnerability Details
DESCRIPTION: An undisclosed vulnerability in IBM Rational DOORS 9 application allows an attacker to gain DOORS administrator privileges.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/140208 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-1447
DESCRIPTION: The GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. Note: After update the customer should change password to ensure the new password is stored more securely. Products should encourage customers to take this step as a high priority action.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139972 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2018-1427
DESCRIPTION: IBM GSKit contains several environment variables that a local attacker could overflow and cause a denial of service.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139072 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
Rational DOORS: 9.5.2 - 9.5.2.8
Rational DOORS: 9.6.0 - 9.6.0.7
Rational DOORS: 9.6.1 - 9.6.1.10
The following Rational DOORS components are affected:
- Rational DOORS desktop client
- Rational DOORS interoperation server
Remediation/Fixes
NOTE: You should verify applying this fix does not cause any compatibility issues.
| Rational DOORS version | Upgrade to fix pack |
| 9.5.1 - 9.5.1.9 | 9.5.1.10 |
| 9.5.2 - 9.5.2.8 | 9.5.2.9 |
| 9.6.0 - 9.6.0.7 | 9.6.0.8 |
| 9.6.1 - 9.6.1.10 | 9.6.1.11 |
For Rational DOORS version 9.5.0.x and earlier, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
Citrix and Remote desktop
To reduce installation overhead and to increase security, many clients make use of remote desktop software (Citrix or Microsoft Remote Desktop). All remote desktop solutions provide communication level security in addition to the benefits for installation. Clients using a remote desk top solution such as Citrix XenApp can organize their network infrastructure to forbid users accessing DOORS directly and so avoid issues regarding communication exposures as described by this vulnerability.
Update to Server Security
The fix to prevent an attacker to gain DOORS administrator privileges is an enhancement to the DOORS server security functionality. DOORS must be configured to use server security to enable this feature. When enabled, interop servers will now only connect to the database server if approved. This can be done by either starting the database server using the "secureInteropbyIP" command line switch or by adding the interop server certificate information to a allowlist.dat file. The allowlist.dat file needs to be located at the top level of the DOORS data directory.
If the database server is started using the "secureInteropbyIP" command line switch then the allowlist.dat file is unnecessary if all the interop servers are running on the same machine as the database server. Interop servers must be started with the "sssServer" command line switch to be recongised as secure by the database server.
For further information see the documentation on how to configure server security.
Configure Rational DOORS Web Access
If you are using Rational DOORS Web Access, after you upgrade, but before you start the Rational DOORS Web Access server, edit the core configuration file and set the required version of the interoperation server to the version of the fix pack upgrade, as described in the following steps.
Procedure:
- To edit the Rational DOORS Web Access core configuration file, open the festival.xml file, which is in the server\festival\config directory.
- Add the following line in the <f:properties> section:
<f:property name="interop.version" value="9.n.n.n" />
Replace "9.n.n.n" with the version of the fix pack upgrade: 9.5.1.10, 9.5.2.9, 9.6.0.8, or 9.6.1.11. - Save and close the file.
After this revision, only the specified version of the interoperation server can access the Rational DOORS database.
Workarounds and Mitigations
Get Notified about Future Security Bulletins
References
Acknowledgement
This vulnerability was reported to IBM by REQUISIS GmbH
Change History
20 June 2018: Original version published
21 June 2018: Additional remediation steps added
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
29 June 2020
UID
swg22017436