IBM Support

Security Bulletin: Multiple Vulnerabilities in Network Time Protocol (NTP) Affect Power Hardware Management Console (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296)

Security Bulletin


Summary

There are multiple vulnerabilities in Network Time Protocol (NTP) Project NTP daemon (ntpd) that is used by Power Hardware Management Console

Vulnerability Details

CVE-ID: CVE-2014-9293
DESCRIPTION: Network Time Protocol (NTP) Project NTP daemon (ntpd) could provide weaker than expected security, caused by the improper generation of a key by the config_auth function when an auth key is not configured. A remote attacker could exploit this vulnerability using brute force techniques to guess the generated key.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/99576 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE-ID: CVE-2014-9294
DESCRIPTION: Network Time Protocol (NTP) Project NTP daemon (ntpd) could provide weaker than expected security, caused by the use of a weak RNG seed by ntp-keygen.c. A remote attacker could exploit this vulnerability using brute force techniques to defeat cryptographic protection mechanisms.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/99577 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE-ID: CVE-2014-9295
DESCRIPTION: Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to multiple stack-based buffer overflows, caused by improper bounds checking by ntpd. By sending specially-crafted packets, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/99578 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE-ID: CVE-2014-9296
DESCRIPTION: Network Time Protocol (NTP) Project NTP daemon (ntpd) is vulnerable to a denial of service, caused by the continual execution of the receive function after detecting an error. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/99579 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Power HMC V7.7.3.0
Power HMC V7.7.7.0
Power HMC V7.7.8.0
Power HMC V7.7.9.0
Power HMC V8.8.1.0
Power HMC V8.8.2.0

Remediation/Fixes


Fixes are available for the the HMC versions mentioned below:

ProductVRMFAPARRemediation/First Fix
Power HMCV7.7.3.0 SP7MB03888Apply eFix MH01500
Power HMCV7.7.7.0 SP4MB03889Apply eFix MH01501
Power HMCV7.7.8.0 SP2MB03899Apply eFix MH01511
Power HMCV7.7.9.0 SP1MB03900Apply eFix MH01512
Power HMCV8.8.1.0 SP1MB03886Apply eFix MH01498
Power HMCV8.8.2.0MB03837Apply service pack 1 (MH01455)

Note:
1. After applying the PTF, you should restart the HMC.
2. HMC V7.7.3 support is extended only for managing the Power 775 (9125-F2C) also called "PERCS" and "IH". End Of Service date for managing all other server models was 2013.05.31.
3. CVE-2014-9296 affects only HMC V8.8.1.0 and V8.8.2.0. Other versions are not affected.

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Change History

17 March 2015: Original Version Published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

[{"Product":{"code":"SGW5F2","label":"HMC Firmware"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":"HMC","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
17 June 2018

UID

nas8N1020645