IBM Security Notice Regarding IBM Code Signing Certificates

Two IBM Code Signing Certificates Are Being Revoked

IBM has recently identified malware that appears to have been signed by one of two IBM code signing certificates: one for signing Java code (serial number 20 29 13 7c b7 f0 b6 4b e9 bf 21 1a bc 6e ed 10, which has already expired) and the other for signing code to run on Windows systems (serial number 50 02 c1 5f e2 a1 c1 2e bf 2b 04 35 13 54 ae f6). IBM is revoking these certificates today, October 14, 2016. Updates for products which may have been using these certificates will be published as soon as they are available. To IBM’s knowledge, this malware has not been distributed with any IBM software.

Product Impact

Some IBM software products will be impacted by the revocation of these two code signing certificates. The product list can be found in the table below.  The revocation of these certificates does not pose a security risk to users.  However, there may be potential impact to the usability of the products; in certain situations, some products may fail to run or warn the user that the certificates used to sign the products are no longer valid.

Next Steps

Updates for products which may have been using these certificates will be published as soon as they are available.  Refer to the table below for the location where product updates will be made available. Other than installing these updates, which should address any usability issues, no additional actions are required.  If you have any questions about how to update these products, visit the IBM Support Portal.

Update (November 30, 2016): Other than the two certificates that were revoked on October 14, 2016, IBM has not found any indication that other IBM code signing certificates have been used to sign malware.  However, out of an abundance of caution, IBM will revoke three additional related certificates today, November 30, 2016.  The serial numbers for these three additional revoked certificates are:

  • Microsoft Code Signing Certificate: 06 90 64 96 5c 1d c9 78 96 54 4c 93 12 90 19 45
  • Microsoft Code Signing Certificate: 22 be 23 1b fc 52 4b e2 99 84 4e 43 a9 36 41 51
  • Java Code Signing Certificate: 26 14 83 36 bd 0c f6 87 70 90 d3 23 b1 1d a4 6a

Note: if you have already updated these affected products after the October 14, 2016 certificate revocation, there is no need to update these products again now that these three additional certificates have been revoked.
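To find which signed files on your own systems chain to the five serial numbers listed above, the following is an added example (not IBM code) that matches an inventory of signer serials against them. The file paths, the inventory format and the sample serial strings are constructed assumptions; comparing as integers is used because tools print serials with different separators and case, and some drop a leading zero.

```python
import re

# Serial numbers exactly as printed in this notice -> certificate type, revocation date.
REVOKED = {
    "20 29 13 7c b7 f0 b6 4b e9 bf 21 1a bc 6e ed 10": "Java, revoked 2016-10-14",
    "50 02 c1 5f e2 a1 c1 2e bf 2b 04 35 13 54 ae f6": "Windows, revoked 2016-10-14",
    "06 90 64 96 5c 1d c9 78 96 54 4c 93 12 90 19 45": "Microsoft, revoked 2016-11-30",
    "22 be 23 1b fc 52 4b e2 99 84 4e 43 a9 36 41 51": "Microsoft, revoked 2016-11-30",
    "26 14 83 36 bd 0c f6 87 70 90 d3 23 b1 1d a4 6a": "Java, revoked 2016-11-30",
}

def normalize(serial):
    """Reduce a textual hex serial (any separator, case or prefix) to an integer."""
    s = serial.strip().lower()
    s = re.sub(r"^serial(\s*number)?\s*[=:]\s*", "", s)   # "serial=", "Serial number:"
    s = re.sub(r"[\s:]", "", re.sub(r"^0x", "", s))       # drop 0x, spaces, colons
    if not s or re.search(r"[^0-9a-f]", s):
        raise ValueError(f"not a hex serial: {serial!r}")
    return int(s, 16)  # integer form ignores case, separators and leading zeros

REVOKED_INT = {normalize(k): v for k, v in REVOKED.items()}

def audit(inventory):
    """Return (path, label) for entries signed with a revoked or unreadable serial."""
    hits = []
    for path, serial in inventory:
        try:
            label = REVOKED_INT.get(normalize(serial))
        except ValueError:
            label = "unparseable serial, review manually"
        if label:
            hits.append((path, label))
    return hits

# Constructed inventory: paths are hypothetical; serial strings imitate the
# different styles in which signing tools print the same value.
SAMPLE = [
    (r"C:\apps\tool\setup.exe", "5002C15FE2A1C12EBF2B04351354AEF6"),
    (r"C:\apps\tool\helper.dll", "Serial number: 69064965c1dc97896544c9312901945"),
    ("/opt/app/lib/client.jar", "26:14:83:36:BD:0C:F6:87:70:90:D3:23:B1:1D:A4:6A"),
    (r"C:\apps\clean\ok.exe", "0x1a2b3c4d5e6f"),
    (r"C:\apps\odd\x.exe", "n/a"),
]

if __name__ == "__main__":
    for path, label in audit(SAMPLE):
        print(f"{path}: {label}")
```

A match means the file needs the corresponding product update from the table below; it does not by itself mean the file is malicious.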

| Product | Location Where Product Update Will Be Made Available | Affected Certificates |
| --- | --- | --- |
| IBM WebSphere Application Server V9 (Only Windows products impacted) | Refer to the following link for further instructions: Support Doc | Affected only by the October 14, 2016 revocation. |
| IBM Installation Manager (Only Windows products impacted) | Flash Service Bulletin Website | Affected by both the October 14, 2016 and November 30, 2016 revocations. |
| IBM Rational Change | Fix Central | Affected only by the October 14, 2016 revocation. |
| IBM Security AppScan Enterprise | Fix Central | Affected by both the October 14, 2016 and November 30, 2016 revocations. |
| IBM InfoSphere Change Data Capture | Fix Central | Affected only by the October 14, 2016 revocation. |
| Rational System Architect (includes IBM Rational System Architect XT) | Contact Architect Support for more information. | Affected only by the October 14, 2016 revocation. |
| Rational Functional Tester | Fix Central | Affected by both the October 14, 2016 and November 30, 2016 revocations. |
| IBM Rational Test Workbench | Fix Central | Affected only by the October 14, 2016 revocation. |
| IBM Software Development Toolkit for Linux on Power | Passport Advantage | Affected only by the October 14, 2016 revocation. |
| IBM Rational DOORS Next Generation | Refer to the following link for further instructions: Support Doc. | Affected by both the October 14, 2016 and November 30, 2016 revocations. |
| IBM Rational Team Concert | Refer to the following link for further instructions: Support Doc. | Affected by both the October 14, 2016 and November 30, 2016 revocations. |
| IBM Rational Host On-Demand (HOD) | Refer to the following link for further instructions: Tech Note. | Affected by both the October 14, 2016 and November 30, 2016 revocations. |
| IBM Security AppScan Source | Fix Central | Affected only by the October 14, 2016 revocation. |
| IBM Security AppScan Standard | Fix Central | Affected by both the October 14, 2016 and November 30, 2016 revocations. |
| IBM System z CHPID Mapping Tool | Resource Link | Affected by both the October 14, 2016 and November 30, 2016 revocations. |
| IBM Rational Integration Tester | Fix Central | Affected only by the October 14, 2016 revocation. |
| IBM Rational Robot | Fix Central | Affected only by the October 14, 2016 revocation. |
| IBM Integration Bus | Fix Central | Affected only by the October 14, 2016 revocation. |
| IBM Rational Quality Manager | Refer to the following link for further instructions: Support Doc. | Affected only by the November 30, 2016 revocation. |
| IBM Personal Communications | Fix Central | Affected only by the November 30, 2016 revocation. |
| IBM Rational Rhapsody | Refer to the following link for further instructions: Support Doc. | Affected only by the November 30, 2016 revocation. |
| IBM Rational Method Composer | Fix Central | Affected only by the November 30, 2016 revocation. |
