Security Bulletin: Vulnerabilities in OpenSSL affect IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI) (CVE-2015-0286 CVE-2015-0288 CVE-2015-0289 CVE-2015-0209 CVE-2015-0287)

Created by Brian Bedard on Fri, 12/04/2015 - 09:20

Published URL:

https://www.ibm.com/support/pages/node/868286

868286

Security Bulletin

Summary

OpenSSL vulnerabilities were disclosed on March 19th, 2015 by the OpenSSL Project. OpenSSL is used by IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI). IBM System x, BladeCenter and Flex Systems UEFI have addressedthe applicable CVEs.

Vulnerability Details

Summary

Vulnerability Details

CVE-ID: CVE-2015-0286

Description: OpenSSL is vulnerable to a denial of service, caused by an error in the ASN1_TYPE_cmp function when attempting to compare ASN.1 boolean types. An attacker could exploit this vulnerability to crash any certificate verification operation and cause a denial of service.

CVSS Base Score: 5
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/101666 for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-ID: CVE-2015-0288

Description: OpenSSL is vulnerable to a denial of service, caused by an error in the X509_to_X509_REQ function. An attacker could exploit this vulnerability to trigger a NULL pointer dereference.

CVSS Base Score: 5
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/101675 for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-ID: CVE-2015-0289

Description: OpenSSL is vulnerable to a denial of service, caused by the failure to properly handle missing outer ContentInfo by the PKCS#7 parsing code. An attacker could exploit this vulnerability using a malformed ASN.1-encoded PKCS#7 blob to trigger a NULL pointer dereference.

CVSS Base Score: 5
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/101669 for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-ID: CVE-2015-0209

Description: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error in the d2i_ECPrivateKey or EVP_PKCS82PKEY function. An attacker could exploit this vulnerability using a malformed Elliptic Curve (EC) private-key file to corrupt memory and execute arbitrary code on the system and cause a denial of service.

CVSS Base Score: 6.8
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/101674 for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVE-ID: CVE-2015-0287

Description: OpenSSL is vulnerable to a denial of service, caused by an error related to the reuse of a structure in ASN.1 parsing. An attacker could exploit this vulnerability using an invalid write to corrupt memory and cause a denial of service.

CVSS Base Score: 5
CVSS Temporal Score: See http://exchange.xforce.ibmcloud.com/vulnerabilities/101668 for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected products and versions

System	Affected Version
BladeCenter HS23 7875/1929	tke146b-1.70
BladeCenter HS23E 8038/8039	ahe146b-2.11
Flex System x220 7906/2585	kse144b-1.61
Flex System x222 7916	cce1146d-1.30
Flex System x240 8737/8738/7863/8956	b2e146h-1.60
Flex System x440 7917	cne146d-1.50
NeXtScale nx360 M4 5455	fhe110d-1.40
System x280, x480, x880 X6 7903	n2e112h-1.00
System x3100 M5 5457	j9e118c-1.07
System x3250 M5 5458	jue118c-1.07
System x3300 M4 7382	yae142b-1.40
System x3500 M4 7383	y5e142c-1.82
System x3550 M4 7914	d7e146c-1.60
System x3630 M4 7158/7160	bee146c-2.12
System x3650 M4 BD 5466	yoe106c-1.20
System x3650 M4 7915	vve144c-1.92
System x3750 M4 8722/8752/8733/8718	koe146g-1.60
System x3850 X6 (4S) 3837/3839, System x3950 X6 (8S) 3839	a8e114h-1.00
System x iDataPlex dx360 M4 7912	tde144b-1.61

Remediation/Fixes

It is recommended to update to the firmware level listed below, or later version. Firmware updates are available through IBM Fix Central: http://www.ibm.com/support/fixcentral/.

You should verify applying this fix does not cause any compatibility issues.

Tip: To locate UEFI fix versions on Fix Central search on the version prefix, such as "b2e1", "fhe1" or "koe1".

System	Fixed Version
BladeCenter HS23 7875/1929	tke148b-1.80
BladeCenter HS23E 8038/8039	ahe148a-2.20
Flex System x220 7906/2585	kse146a-1.70
Flex System x222 7916	cce150b-1.50
Flex System x240 8737/8738/7863/8956	b2e150e-1.70
Flex System x440 7917	cne148b-1.60
NeXtScale nx360 M4 5455	fhe112a-1.50
System x280, x480, x880 X6 7903	n2e114c-1.10
System x3100 M5 5457	j9e120e-1.20
System x3250 M5 5458	jue120e-1.20
System x3300 M4 7382	yae144a-1.50
System x3500 M4 7383	y5e144c-1.92
System x3550 M4 7914	d7e148b-1.91
System x3630 M4 7158/7160	bee148b-2.21
System x3650 M4 BD 5466	yoe108c-1.30
System x3650 M4 7915	vve146a-2.00
System x3750 M4 8722/8752/8733/8718	koe148c-1.70
System x3850 X6 (4S) 3837/3839, System x3950 X6 (8S) 3839	a8e116c-1.10
System x iDataPlex dx360 M4 7912	tde146a-1.70

Workarounds and Mitigations

None.

Reference

Complete CVSS V2 Guide
On-line Calculator V2
OpenSSL Project vulnerability website (for detail on what versions are affected)
OpenSSL Advisory on above listed CVEs

Acknowledgement

None.

Change History
15 December 2015: Original Version Published
13 April 2016: Flex System x222 7916 added

* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

Operating System

BladeCenter:Operating system independent / None

System x:Operating system independent / None

PureFlex System and Flex System:Operating system independent / None

[{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW239","label":"BladeCenter->BladeCenter HS23"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HW23F","label":"BladeCenter->BladeCenter HS23E"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB18","label":"Miscellaneous LOB"}},{"Type":"HW","Business Unit":{"code":"BU050","label":"BU NOT IDENTIFIED"},"Product":{"code":"HW94B","label":"PureFlex System and Flex System->x220 Compute Node"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"HW94D","label":"Flex System x240 Compute Node"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU050","label":"BU NOT IDENTIFIED"},"Product":{"code":"HW94E","label":"PureFlex System and Flex System->x440 Compute Node"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"HW94J","label":"PureFlex System and Flex System->x880 X6 Compute Node"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"HW94K","label":"PureFlex System and Flex System->x280 X6 Compute Node"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX81","label":"System x->System x3500 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWX91","label":"System x->System x3550 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXA3","label":"System x->System x3650 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXA5","label":"System x->System x3650 M4 BD"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXA7","label":"System x->NeXtScale nx360 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXB1","label":"System x->System x3950 X6"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXB2","label":"System x->System x3100 M5"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXF6","label":"System x->System x iDataPlex dx360 M4 server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXG4","label":"System x->System x3300 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXG6","label":"System x->System x3750 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXH1","label":"System x->System x3630 M4"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXL0","label":"System x->System x3250 M5"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}},{"Type":"HW","Business Unit":{"code":"BU016","label":"Multiple Vendor Support"},"Product":{"code":"HWXM0","label":"System x->System x3850 X6"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"","label":""}}]

Tips

Security Bulletin: Vulnerabilities in OpenSSL affect IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI) (CVE-2015-0286 CVE-2015-0288 CVE-2015-0289 CVE-2015-0209 CVE-2015-0287)

Security Bulletin

Summary

Vulnerability Details

Summary

Affected products and versions

Remediation/Fixes

Workarounds and Mitigations

Reference

Get Notified about Future Security Bulletins

References

Disclaimer

Document Location

Operating System

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?

Tips

Security Bulletin: Vulnerabilities in OpenSSL affect IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI) (CVE-2015-0286 CVE-2015-0288 CVE-2015-0289 CVE-2015-0209 CVE-2015-0287)

Security Bulletin

Summary

Vulnerability Details

Summary

Affected products and versions

Remediation/Fixes

Workarounds and Mitigations

Reference

Get Notified about Future Security Bulletins

References

Related Information

Disclaimer

Document Location

Operating System

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?