Security Bulletin
Summary
OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Tealeaf Customer Experience on Cloud Network Capture Add-On. IBM Tealeaf Customer Experience on Cloud Network Capture Add-On has addressed the applicable CVEs.
Multiple security vulnerabilities in PHP affect IBM Tealeaf Customer Experience on Cloud Network Capture Add-On.
IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate.
Vulnerability Details
CVEID: CVE-2016-2177
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the incorrect use of pointer arithmetic for heap-buffer boundary checks. By leveraging unexpected malloc behavior, a remote attacker could exploit this vulnerability to trigger an integer overflow and cause the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113890 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-2178
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DSA implementation that allows the following of a non-constant time codepath for certain operations. An attacker could exploit this vulnerability using a cache-timing attack to recover the private DSA key.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113889 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2016-5385
DESCRIPTION: PHP could allow a remote attacker to redirect HTTP traffic of CGI application, caused by the failure to protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable. By using a specially-crafted Proxy header in a HTTP request, an attacker could exploit this vulnerability to redirect outbound HTTP traffic to arbitrary proxy server. This is also known as the "HTTPOXY" vulnerability.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115088 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-5900
DESCRIPTION: IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115380 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2016-6288
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by a buffer over-read in the php_url_parse_ex function. An attacker could exploit this vulnerability using vectors involving the smart_str data type to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115541 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-6289
DESCRIPTION: PHP is vulnerable to a stack-based buffer overflow, caused by an integer overflow in the virtual_file_ex function. By using a specially crafted extract operation on a ZIP archive, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115540 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-6290
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in session.c. An attacker could exploit this vulnerability using vectors related to session deserialization to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115539 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-6291
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds array in the exif_process_IFD_in_MAKERNOTE function. By persuading a victim to open a specially crafted JPEG image, a remote attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115538 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-6292
DESCRIPTION: PHP is vulnerable to a denial of service, caused by a NULL Pointer dereference in the exif_process_user_comment function. By persuading a victim to open a specially crafted JPEG image, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115537 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-6293
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the uloc_acceptLanguageFromHTTP function. An attacker could exploit this vulnerability using a call with a long argument to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115536 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-6294
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the locale_accept_from_http function. An attacker could exploit this vulnerability using a call with a long argument to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115535 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-6295
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in snmp.c. An attacker could exploit this vulnerability using specially crafted serialized data to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115534 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-6296
DESCRIPTION: PHP is vulnerable to a heap-based buffer overflow, caused by an integer signedness error in the simplestring_addn function. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115533 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-6297
DESCRIPTION: PHP is vulnerable to a stack-based buffer overflow, caused by an integer overflow in the php_stream_zip_opener function. By using a specially crafted zip:// URL, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115532 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-6304
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by multiple memory leaks in t1_lib.c during session renegotiation. By sending an overly large OCSP Status Request extension, a remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117110 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-6305
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error in SSL_peek(). By sending specially crafted data, a remote authenticated attacker could exploit this vulnerability to cause the service to hang.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117111 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-6307
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a memory allocation error in the logic prior to the excessive message length check. By initiating multiple connection attempts, a remote authenticated attacker could send an overly large message to exhaust all available memory resources.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117113 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-7125
DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by the skipping of invalid session names that triggers incorrect parsing by ext/session/session.c. An attacker could exploit this vulnerability using control of a session name to inject and execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116958 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
IBM Tealeaf Customer Experience on Cloud Network Capture Add-On 16.1.01
Remediation/Fixes
Client Success Portal: https://tealeaf.support.ibmcloud.com/ics/support/DLList.asp?task=download&folderID=121267
Workarounds and Mitigations
Access to local networks containing networked Tealeaf servers should be limited to avoid unauthorized access to or disruption of Tealeaf services.
Access to PCA systems should be limited as much as possible.
Get Notified about Future Security Bulletins
References
Change History
12 December 2016: Original version published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Internal Use Only
78438 Security Bulletin History:
Submitted for review by Charles Hornig (chornig@us.ibm.com) at 10:49:30 on 11/21/2016.
Security Bulletin Reviewer review completed with comments 'review complete' by Guncha Malik (gmalik@in.ibm.com) at 15:12:24 EST on 11/28/2016.
PSIRT Operations review completed with comments '' by Joshua E. Dembling (jdemblin@us.ibm.com) at 15:25:51 EST on 11/28/2016.
Security Bulletin Review by Reviewing Attorney bypassed by deadmin (deadmin) at 15:25:52 EST on 11/28/2016.
Security Bulletin Reviews Complete by deadmin (deadmin) at 15:25:53 EST on 11/28/2016.
Submitted for review by Charles Hornig (chornig@us.ibm.com) at 10:47:40 on 11/21/2016.
Security Bulletin Reviewer review completed with comments ''review complete'' by Guncha Malik (gmalik@in.ibm.com) at 11:58:55 EST on 11/28/2016.
PSIRT Operations review completed with comments '''' by Joshua E. Dembling (jdemblin@us.ibm.com) at 15:21:01 EST on 11/28/2016.
Reviewing Attorney review completed with comments ''Please ensure fix location is updated before publication'' by VANESSA A. WITT (vanewitt@us.ibm.com) at 15:51:28 EST on 11/28/2016.
Security Bulletin Reviews Complete by deadmin (deadmin) at 15:51:29 EST on 11/28/2016.
84490 Security Bulletin History:
Submitted for review by Charles Hornig (chornig@us.ibm.com) at 10:56:51 on 11/21/2016.
Security Bulletin Reviewer review completed with comments 'review complete' by Guncha Malik (gmalik@in.ibm.com) at 11:43:47 EST on 11/28/2016.
Security Bulletin Review by PSIRT Ops bypassed by deadmin (deadmin) at 11:43:47 EST on 11/28/2016.
Security Bulletin Review by Reviewing Attorney bypassed by deadmin (deadmin) at 11:43:48 EST on 11/28/2016.
Security Bulletin Reviews Complete by deadmin (deadmin) at 11:43:49 EST on 11/28/2016.
Submitted for review by Charles Hornig (chornig@us.ibm.com) at 10:55:15 on 11/21/2016.
Security Bulletin Reviewer review completed with comments ''review complete'' by Guncha Malik (gmalik@in.ibm.com) at 11:32:39 EST on 11/28/2016.
PSIRT Operations review completed with comments '''' by Joshua E. Dembling (jdemblin@us.ibm.com) at 15:18:53 EST on 11/28/2016.
Reviewing Attorney review completed with comments ''Ensure fix location link is added before publication'' by VANESSA A. WITT (vanewitt@us.ibm.com) at 15:47:35 EST on 11/28/2016.
Security Bulletin Reviews Complete by deadmin (deadmin) at 15:47:36 EST on 11/28/2016.
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21994534