OpenSSL vulnerabilities affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems.
Summary
OpenSSL vulnerabilities affect IBM Integrated Management Module
II (IMM2) for System x, Flex and BladeCenter systems.
Vulnerability Details
CVE-ID: CVE-2015-3194
Description: OpenSSL is vulnerable to a denial
of service, caused by a NULL pointer dereference when verifying
certificates via a malformed routine. An attacker could exploit
this vulnerability using signature verification routines with an
absent PSS parameter to cause any certificate verification
operation to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/108503
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVE-ID: CVE-2015-3195
Description: OpenSSL could allow a remote
attacker to obtain sensitive information, caused by a memory leak
in a malformed X509_ATTRIBUTE structure. An attacker could exploit
this vulnerability to obtain CMS data and other sensitive
information.
CVSS Base Score: 5.3
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/108504
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVE-ID: CVE-2015-3196
Description: OpenSSL is vulnerable to a denial
of service, caused by a race condition when PSK identity hints are
received by a multi-threaded client and the SSL_CTX structure is
updated with the incorrect value. An attacker could exploit this
vulnerability to possibly corrupt memory and cause a denial of
service.
CVSS Base Score: 3.7
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/108505
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVE-ID: CVE-2016-0705
Description: OpenSSL is vulnerable to a denial
of service, caused by a double-free error when parsing DSA private
keys. An attacker could exploit this vulnerability to corrupt
memory and cause a denial of service.
CVSS Base Score: 3.7
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/111140
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVE-ID: CVE-2016-0797
Description: OpenSSL is vulnerable to a denial
of service, caused by a NULL pointer dereference in the
BN_hex2bn/BN_dec2bn() function. An attacker could exploit this
vulnerability using specially crafted data to cause a denial of
service.
CVSS Base Score: 3.7
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/111142
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVE-ID: CVE-2016-0799
Description: OpenSSL could allow a remote
attacker to obtain sensitive information, caused by a memory error
in the BIO_*printf() functions. An attacker could exploit this
vulnerability using specially crafted data to trigger an
out-of-bounds read.
CVSS Base Score: 3.7
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/111143
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected products and versions
Product |
Affected Version |
IBM Integrated Management Module II (IMM2) for
System x, Flex and BladeCenter systems |
1aoo |
Remediation/Fixes
Firmware fix versions are available on Fix Central: http://www.ibm.com/support/fixcentral/
Product |
Fix Version |
IBM Integrated Management Module II (IMM2) for
System x, Flex and BladeCenter systems
ibm_fw_imm2_1aoo72h.5.60_anyos_noarch
ibm_fw_imm2_1aoo72h-5.60_bc-anyos_noarch |
1aoo72h-5.60 |
Workarounds and Mitigations
None.
References
Related Information
IBM
Secure Engineering Web Portal
IBM Product Security
Incident Response Blog
Acknowledgement
None.
Change History
05 July, 2016: Original Version Published
* The CVSS Environment Score is customer environment specific
and will ultimately impact the Overall CVSS Score. Customers can
evaluate the impact of this vulnerability in their environments by
accessing the links in the Reference section of this Security
Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams
(FIRST), the Common Vulnerability Scoring System (CVSS) is an
"industry open standard designed to convey vulnerability severity
and help to determine urgency and priority of response." IBM
PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND,
INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE
IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
References
On
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
BladeCenter:Operating system independent / None
System x:Operating system independent / None
PureFlex System and Flex System:Operating system independent / None
[{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW20M","label":"BladeCenter-\u003EBladeCenter T Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW20T","label":"BladeCenter-\u003EBladeCenter E Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"HW21Y","label":"BladeCenter H Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB57","label":"Power"}},{"Type":"HW","Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"HW22P","label":"BladeCenter S Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB57","label":"Power"}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW22Q","label":"BladeCenter-\u003EBladeCenter HT Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"HW22P","label":"BladeCenter S Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB57","label":"Power"}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW341","label":"System x-\u003ESystem x3250 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"HW94A","label":"Flex System Manager Node"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB57","label":"Power"}},{"Type":"HW","Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"HW94F","label":"Enterprise Chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX81","label":"System x-\u003ESystem x3500 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX82","label":"System x-\u003ESystem x3530 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX91","label":"System x-\u003ESystem x3550 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXA3","label":"System x-\u003ESystem x3650 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"HWXA4","label":"System x-\u003ESystem x3650 M4 HD"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXA5","label":"System x-\u003ESystem x3650 M4 BD"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXA7","label":"System x-\u003ENeXtScale nx360 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXB0","label":"System x-\u003ESystem x3690 X5"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXB1","label":"System x-\u003ESystem x3950 X6"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXB2","label":"System x-\u003ESystem x3100 M5"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXC0","label":"System x-\u003ESystem x3850 X5"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXD0","label":"System x-\u003ESystem x3950 X5"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXF6","label":"System x-\u003ESystem x iDataPlex dx360 M4 server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXF8","label":"System x-\u003ESystem x iDataPlex dx360 M4 2U chassis"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXG4","label":"System x-\u003ESystem x3300 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXG6","label":"System x-\u003ESystem x3750 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXH1","label":"System x-\u003ESystem x3630 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXK0","label":"System x-\u003ESystem x3100 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXL0","label":"System x-\u003ESystem x3250 M5"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXM0","label":"System x-\u003ESystem x3850 X6"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}}]