IBM Support

Security Bulletin: Vulnerabilities in OpenSSH and OpenSSL affect GPFS for Windows V3.5

Created by Laura Murphy on
Published URL:
https://www.ibm.com/support/pages/node/630769
630769

Security Bulletin


Summary

OpenSSH vulnerabilities were disclosed on December 23, 2016 by the OpenSSH Project. OpenSSL vulnerabilities were disclosed on November 10, 2016 and January 26, 2017 by the OpenSSL Project. OpenSSH and OpenSSL are used by GPFS V3.5 for Windows. GPFS V3.5 for Windows has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2016-10009
DESCRIPTION:
OpenSSH could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the loading of a specially crafted PKCS#11 module across a forwarded agent channel. An attacker could exploit this vulnerability to write files or execute arbitrary code on the system.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119828 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-10010
DESCRIPTION:
OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by an error in sshd when privilege separation is disabled. An attacker could exploit this vulnerability using a forwarded Unix-domain socket to gain root privileges on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119829 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-10011
DESCRIPTION:
OpenSSH could allow a local authenticated attacker to obtain sensitive information, caused by a privilege separation flaw. An attacker could exploit this vulnerability to obtain host private key material and other sensitive information.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119830 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-10012
DESCRIPTION:
OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by improper bounds checking in the shared memory manager. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119831 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)


CVEID: CVE-2016-7055
DESCRIPTION:
OpenSSL is vulnerable to a denial of service, caused by an error in a Broadwell-specific Montgomery multiplication procedure. By sending specially crafted data, a remote attacker could exploit this vulnerability to trigger errors in public-key operations in configurations where multiple remote clients select an affected EC algorithm and cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118748 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-3731
DESCRIPTION:
OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121312 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-3732
DESCRIPTION:
OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121313 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

OpenSSH for GPFS V3.5 for Windows

Remediation/Fixes


In GPFS V3.5.0.34, IBM upgraded OpenSSH for GPFS on Windows to 7.4p1 and to use OpenSSL 1.0.2k to address these vulnerabilities. System administrators should update their systems to GPFS V3.5.0.34 by following the steps below.

1. Download the GPFS 3.5.0.34 update package into any directory on your system from http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Cluster%2Bsoftware&product=ibm/power/IBM+General+Parallel+File+System&release=3.5.0&platform=Windows&function=all

2. Extract the contents of the ZIP archive so that the .msi file it includes is directly accessible to your system.

3. Follow the instructions in the README included in the update package in order to install the OpenSSH msi package. This updated OpenSSH 7.4.p1 msi package is built using OpenSSL 1.02k.

If GPFS multiclustering is configured on Windows nodes, upgrade all OpenSSL packages that may have been installed. The following can be done on a small group of nodes at each time (ensuring that quorum is maintained) to maintain file system availability:

a. Stop GPFS on the node
b. Install the version of OpenSSL
c. Restart GPFS on the node

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Change History

25 March 2017:Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SSFKCN","label":"General Parallel File System"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"--","Platform":[{"code":"PF033","label":"Windows"}],"Version":"3.5.0","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
25 June 2021

UID

isg3T1024968