IBM Support

Security Bulletin: Vulnerability in curl affects IBM Cloud Pak System (CVE-2018-14618)

Security Bulletin


Summary

Vulnerability is identified in curl used in Cloud Pak System. Cloud Pak System has addressed the vulnerability.

Vulnerability Details

CVEID:   CVE-2018-14618
DESCRIPTION:   curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/149359 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s)Version(s)
IBM Cloud Pak System

V2.2.5 - V2.2.6

 

IBM Cloud Pak System

V2.3.0, V2.3.0.1

OS Image for Red Hat Linux

V3.0.10.0

V3.0.11.0

V3.0.12.0

V3.0.13.0


Remediation/Fixes

For Cloud Pak System V2.2.5 - V2.2.6, V2.3.0.1

     for OS Image for Red Hat Linux using RHEL V7,

       - download and apply the fix as available from Fix Central

 OR

       Apply Cloud Pak System v2.3.1.1

      Information on upgrading can be found here: http://www.ibm.com/support/docview.wss?uid=ibm10887959.

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Security Bulletin: Vyatta 5600 vRouter

Security Bulletin: IBM Flex System Chassis Management Module (CMM)

Security Bulletin: IBM Dynamic System Analysis (DSA)

 

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

11 Dec 2019: Initial Publication
27 Dec 2019: Update Release

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFQSV","label":"IBM Cloud Pak System Software"},"Component":"OS Image for RedHat Enterprise Linux","Platform":[{"code":"PF016","label":"Linux"}],"Version":"2.3","Edition":"All","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
06 May 2020

Initial Publish date:
11 December 2019

UID

ibm11173136

Page Feedback