Security Bulletin
Summary
OpenSSL vulnerabilities were disclosed in August 2014. This bulletin also addresses curl vulnerabilities disclosed in July 2014, and OpenSSH vulnerabilities that were disclosed in April 2014.
Vulnerability Details
Summary
OpenSSL vulnerabilities were disclosed in August 2014. This bulletin also addresses curl vulnerabilities disclosed in July 2014, and OpenSSH vulnerabilities that were disclosed in April 2014.
Vulnerability Details
CVE-ID: CVE-2014-2653
Description: OpenSSH could allow a remote attacker to bypass security restrictions, caused by an error in the SSH client when handling a HostCertificate. By persuading a victim to visit a specially-crafted Web site containing a malicious certificate, an attacker could exploit this vulnerability using a malicious server to disable SSHFP-checking.
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/92116
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE-ID: CVE-2014-2532
Description: OpenSSH could allow a remote attacker to bypass security restrictions, caused by the inclusion of wildcard characters in the AcceptEnv lines of the sshd_config configuration file within the sshd program. By using a substring before a wildcard character, an attacker could exploit this vulnerability to bypass intended environment restrictions.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/91986
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVE-ID: CVE-2013-2174
Description: cURL/libcURL is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the curl_easy_unescape() function in lib/escape.c. While decoding URL encoded strings to raw binary data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85180
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-ID: CVE-2014-4545
Description: cURL/libcURL could allow a remote attacker to conduct spoofing attacks, caused by the improper validation of connection host name in TLS/SSL server certificates when the digital signature verification is disabled. By persuading a victim to visit a Web site containing a specially-crafted certificate, a remote attacker could exploit this vulnerability using man-in-the-middle techniques to cause the victim to accept spoofed certificates.
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/89181
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE-ID: CVE-2014-0015
Description: libcURL could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. By sending a new NTLM-authenticated request, an attacker could exploit this vulnerability to perform unauthorized actions with the privileges of the victim.
CVSS Base Score: 5.0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90841
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVE-ID: CVE-2014-0138
Description: cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by the re-use of previously used connections when processing new requests. An attacker could exploit this vulnerability to hijack the privileges of a different user's session and launch further attacks on the system.
CVSS Base Score: 6.4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/92131
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVE-ID: CVE-2014-0139
Description: cURL/libcURL could allow a remote attacker to bypass security restrictions, caused by an error in the hostmatch() function when validating certificates containing an IP address with a wildcard match within the Common Name field. By sending a specially-crafted SSL certificate containing wildcard characters, a remote attacker could exploit this vulnerability to spoof the server and launch further attacks on the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/92130
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVE-ID: CVE-2014-3509
Description: OpenSSL is vulnerable to a denial of service, caused by a race condition in the ssl_parse_serverhello_tlsext() code. If a multithreaded client connects to a malicious server using a resumed session, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/95159
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-3506
Description: OpenSSL is vulnerable to a denial of service, caused by an error when processing DTLS handshake messages. A remote attacker could exploit this vulnerability to consume an overly large amount of memory.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/95160
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-3507
Description: OpenSSL is vulnerable to a denial of service. By sending specially-crafted DTLS packets, a remote attacker could exploit this vulnerability to leak memory and cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/95161
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-3511
Description: OpenSSL could allow a remote attacker to bypass security restrictions, caused by the negotiation of TLS 1.0 instead of higher protocol versions by the OpenSSL SSL/TLS server code when handling a badly fragmented ClientHello message. An attacker could exploit this vulnerability using man-in-the-middle techniques to force a downgrade to TLS 1.0.
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/95162
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE-ID: CVE-2014-3505
Description: OpenSSL is vulnerable to a denial of service, caused by a double-free error when handling DTLS packets. A remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/95163
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-3510
Description: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in anonymous ECDH ciphersuites. A remote attacker could exploit this vulnerability using a malicious handshake to cause the client to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/95164
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2014-3508
Description: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in OBJ_obj2txt. If applications echo pretty printing output, an attacker could exploit this vulnerability to read information from the stack.
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/95165
for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Affected products and versions
Integrated Management Module II (IMM2) firmware is affected on the following hardware platforms:
- iDatplex dx360 M4, types 7912, 7913
- iDatplex dx360 M4 Water Cooled, types 7918, 7919
- Flex System x220 Compute Node, types 7906, 2585
- Flex System x222 Compute Node, type 7916
- Flex System x240 Compute Node, types 8737, 8738, 7863, 8956
- Flex System x440 Compute Node, type 7917
- Flex System x880 Compute Node, types 4259,7903
- Flex System Manager Node, types 8731, 8734, 7955
- NeXtScale nx360 M4, type 5455
- System x3100 M4, type 2582
- System x3100 M5, type 5457
- System x3250 M4, type 2583
- System x3250 M5, type 5458
- System x3300 M4, type 7382
- System x3500 M4, type 7383
- System x3530 M4, type 7160
- System x3550 M4, type 7914
- System x3630 M4, type 7158
- System x3650 M4 BD, type 5466
- System x3650 M4 HD, type 5460
- System x3650 M4, type 7915
- System x3750 M4, types 8752, 8718
- System x3750 M4, types 8722, 8733
- System x3850 X6, Type 3837
- System x3950 X6, Type 3837
The following IMM2 firmware levels are affected:
- v1.00 (1AOO10I)
- v1.05 (1AOO10K)
- v1.25 (1AOO26K)
- v1.26 (1AOO26N)
- v1.32 (1AOO28N)
- v1.34 (1AOO28Q)
- v1.38 (1AOO30D)
- v1.40 (1AOO30T)
- v1.45 (1AOO28S)
- v1.50 (1AOO30W)
- v1.51 (1AOO30Y)
- v1.52 (1AOO34A)
- v1.53 (1AOO30Z)
- v1.59 (1AOO32K)
- v1.60 (1AOO32P)
- v1.65 (1AOO32O)
- v1.75 (1AOO32S)
- v1.77 (1AOO32K)
- v1.78 (1AOO36E)
- v1.79 (1AOO36F)
- v1.85 (1AOO34Z)
- v1.86 (1AOO40D)
- v1.88 (1AOO40A)
- v1.95 (1AOO36P)
- v1.97 (1AOO36R)
- v2.00 (1AOO40E)
- v2.06 (1AOO42B)
- v2.50 (1AOO40Z)
- v2.52 (1AOO42E)
- v2.60 (1AOO41W)
- v2.61 (1AOO44Y)
- v2.62 (1AOO56T)
- v3.10 (1AOO48H)
- v3.20 (1AOO48k)
- v3.30 (1AOO36R)
- v3.35 (1AOO48N)
- v3.36 (1AOO48G)
- v3.37 (1AOO48P)
- v3.40 (1AOO48M)
- v3.50 (1AOO50B)
- v3.55 (1AOO50E)
- v3.56 (1AOO50K)
- v3.65 (1AOO50D)
- v3.67 (1AOO50Q)
- v3.70 (1AOO52Q)
- v3.71 (1AOO52W)
- v3.73 (1AOO56D)
- v3.74 (1AOO52R)
- v3.75 (1AOO56F)
- v3.76 (1AOO52S)
- v3.76 (1AOO56Q)
- v3.77 (1AOO56H)
- v3.78 (1AOO52Y)
- v3.79 (1AOO56Q)
- v3.80 (1AOO52U)
- v3.81 (1AOO52Z)
- v3.82 (1AOO56E)
- v3.83 (1AOO56I)
- v3.84 (1AOO56K)
- v3.85 (1AOO56U)
- v3.86 (1AOO56L)
- v3.86 (1AOO56V)
- v3.90 (1AOO54X)
- v3.91 (1AOO56P)
- v3.91 (1AOO58Q)
- v4.00 (1AOO58I)
- v4.02 (1AOO58S)
- v4.10 (1AOO58F)
- v4.20 (1AOO58R)
- v4.21 (1AOO58U)
- v4.31 (1AOO58T)
For System x3850, Type 3837 and System x3950, Type 3837 all firmware versions prior to v4.96 are affected.
Remediation/Fixes
It is recommended to update the following affected system to Integrated Management Module 2 v4.40 (1A0064P):
- NeXtScale nx360 M4, type 5455
It is recommended to update the following affected systems to Integrated Management Module 2 v4.50 (1A0064L):
- Flex System x220 Compute Node, types 7906, 2585
- Flex System x222 Compute Node, type 7916
- Flex System x240 Compute Node, types 8737, 8738, 7863, 8956
- Flex System x440 Compute Node, type 7917
- Flex System x880 Compute Node, types 4259,7903
- Flex System Manager Node, types 8731, 8734, 7955
- System x3100 M5, type 5457
It is recommended to update the following system to Integrated Management Module 2 v4.55 (1A0064N):
- iDatplex dx360 M4, types 7912, 7913
- iDatplex dx360 M4 Water Cooled, types 7918, 7919
- System x3100 M4, type 2582
- System x3300 M4, type 7382
- System x3250 M4, type 2583
- System x3250 M5, type 5458
- System x3530 M4, type 7160
- System x3500 M4, type 7383
- System x3550 M4, type 7914
- System x3630 M4, type 7158
- System x3750 M4, types 8752, 8718
- System x3750 M4, types 8722, 8733
- System x3650 M4 BD, type 5466
- System x3650 M4 HD, type 5460
- System x3650 M4, type 7915
It is recommended to update the following system to Integrated Management Module 2 v4.96 (1AOO66O) or above
- System x3850 X6, Type 3837
- System x3950 X6, Type 3837
Workarounds and Mitigations
None.
Reference
Related Information
IBM
Secure Engineering Web Portal
IBM Product Security
Incident Response Blog
Subscribe to
Security Bulletins
Acknowledgement
None.
Change History
11 May 2015: Original Copy Published
* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Get Notified about Future Security Bulletins
References
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
30 January 2019
UID
ibm1MIGR-5097903