
Security Bulletin: Vulnerabilities in libcurl and cURL affect Rational DOORS (CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153, CVE-2015-3236)

Security Bulletin


Summary

Vulnerabilities in libcurl and cURL affect Rational DOORS.

Vulnerability Details

CVEID: CVE-2015-3143
DESCRIPTION:
libcurl could allow a remote attacker from within the local network to bypass security restrictions, caused by the re-use of recently authenticated connections. By sending a new NTLM-authenticated request, an attacker could exploit this vulnerability to perform unauthorized actions with the privileges of the victim.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102888 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-3144
DESCRIPTION:
libcurl and cURL are vulnerable to a denial of service, caused by improper calculation of an index by the fix_hostname function. By using a zero-length host name, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102886 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-3145
DESCRIPTION:
libcurl and cURL are vulnerable to a denial of service, caused by improper calculation of an index by the sanitize_cookie_path function. By using a double-quote character in a cookie path, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102884 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-3148
DESCRIPTION:
libcurl and cURL could allow a remote attacker to bypass security restrictions, caused by improper use of the Negotiate authentication method. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions and connect as other users.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102878 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-3153
DESCRIPTION:
cURL/libcurl could allow a remote attacker to obtain sensitive information, caused by custom HTTP headers with sensitive content being sent to the server and intermediate proxy by the CURLOPT_HTTPHEADER option. An attacker could exploit this vulnerability to obtain authentication cookies or other sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102989 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-3236
DESCRIPTION:
libcurl could allow a remote attacker to obtain sensitive information, caused by the HTTP credentials being sent when re-using connections. An attacker could exploit this vulnerability using unknown attack vectors to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/105326 for the current score
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

Rational DOORS: 9.3.0.0 - 9.3.0.10, 9.4.0.0 - 9.4.0.4, 9.5.0.0 - 9.5.0.4, 9.5.1.0 - 9.5.1.5, 9.5.2.0 - 9.5.2.4, 9.6.0.0 - 9.6.0.3, 9.6.1.0 - 9.6.1.3

The following Rational DOORS components are affected:

  • Rational DOORS desktop client
  • Rational DOORS database server
  • Rational DOORS interoperation server

FIPS 140 and NIST SP 800-131A compliance

Rational DOORS v9.3, v9.4, and v9.5 use IBM Global Security Kit (GSKit) version 7. GSKit is required for configuring SSL and TLS encryption for compliance with Federal Information Processing Standards (FIPS) publication 140-2 and NIST Special Publication (SP) 800-131A. The Random Number Generators (RNGs) that are included in GSKit version 7 are deprecated from 2011 to 2015 and disallowed after December 2015. To maintain compliance with FIPS 140 and NIST SP 800-131A, upgrade to the new fix packs, as described in the following section.

Remediation/Fixes

Upgrade to the fix pack that corresponds to the version of Rational DOORS that you are running, as shown in the following table. Upgrade the Rational DOORS client, the Rational DOORS database server, and the Rational DOORS interoperation server.
You should verify that applying this fix does not cause any compatibility issues.

Rational DOORS version   Affected fix packs      Upgrade to fix pack
9.3                      9.3.0.1 - 9.3.0.10      9.3.0.11
9.4                      9.4.0.1 - 9.4.0.4       9.4.0.5
9.5                      9.5.0.1 - 9.5.0.4       9.5.0.5
9.5.1                    9.5.1.1 - 9.5.1.5       9.5.1.6
9.5.2                    9.5.2.1 - 9.5.2.4       9.5.2.5
9.6.0                    9.6.0.1 - 9.6.0.3       9.6.0.4
9.6.1                    9.6.1.1 - 9.6.1.3       9.6.1.4

For Rational DOORS version 9.2.x and earlier, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

If you are using Rational DOORS Web Access, after you upgrade but before you start the Rational DOORS Web Access server, edit the core configuration file and set the required version of the interoperation server to the version of the fix pack upgrade, as described in this procedure.

Procedure:

  1. To edit the Rational DOORS Web Access core configuration file, open the festival.xml file, which is in the server\festival\config directory.

  2. Add the following line in the <f:properties> section:

    <f:property name="interop.version" value="9.n.n.n" />

    Replace "9.n.n.n" with the version of the fix pack upgrade: 9.3.0.11, 9.4.0.5, 9.5.0.5, 9.5.1.6, 9.5.2.5, 9.6.0.4, or 9.6.1.4.

  3. Save and close the file.

After this revision, only the specified version of the interoperation server can access the Rational DOORS database.
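The procedure above is a manual edit of festival.xml. The following added example, which is not IBM's code and not part of the Rational DOORS product, performs the same change programmatically: it locates the <f:properties> section, adds or updates the interop.version property, and refuses any value that is not one of the seven fix-pack versions the bulletin names, so a mistyped version cannot silently lock the database against the real interoperation server. The sample festival.xml and the namespace URI bound to the f: prefix are constructed for the example; the real file's xmlns:f declaration should be used as-is, since the script keys on whatever URI the file declares only if you replace the placeholder below.

```python
"""Set interop.version in a Rational DOORS Web Access festival.xml.

Added example, not IBM's code. The namespace URI below and the sample
document are constructed placeholders; the real file's xmlns:f value
must be substituted for F_NS before running against a live install.
"""
import sys
import xml.etree.ElementTree as ET

# Fix-pack versions this bulletin lists as containing the fix.
FIXED_VERSIONS = frozenset(
    {"9.3.0.11", "9.4.0.5", "9.5.0.5", "9.5.1.6", "9.5.2.5", "9.6.0.4", "9.6.1.4"}
)

# ASSUMPTION: placeholder URI for the "f:" prefix; check the real festival.xml.
F_NS = "http://festival.example.invalid/config"
PROPERTIES_TAG = f"{{{F_NS}}}properties"
PROPERTY_TAG = f"{{{F_NS}}}property"

# Constructed sample of a festival.xml before the edit (not a real file).
SAMPLE_FESTIVAL_XML = f"""<?xml version="1.0"?>
<f:config xmlns:f="{F_NS}">
  <f:properties>
    <f:property name="some.other.setting" value="true" />
  </f:properties>
</f:config>
"""


def set_interop_version(xml_text: str, version: str) -> str:
    """Return the document with interop.version set to a bulletin fix-pack version.

    Updates an existing interop.version property in place rather than adding
    a duplicate, and rejects versions the bulletin does not list.
    """
    if version not in FIXED_VERSIONS:
        raise ValueError(
            f"{version!r} is not a fix-pack version from the bulletin: "
            f"{sorted(FIXED_VERSIONS)}"
        )
    ET.register_namespace("f", F_NS)  # keep the f: prefix on output
    root = ET.fromstring(xml_text)
    props = root.find(f".//{PROPERTIES_TAG}")
    if props is None:
        raise ValueError("no <f:properties> section found in festival.xml")
    existing = [p for p in props.findall(PROPERTY_TAG) if p.get("name") == "interop.version"]
    if existing:
        for prop in existing:
            prop.set("value", version)
    else:
        ET.SubElement(props, PROPERTY_TAG, {"name": "interop.version", "value": version})
    return ET.tostring(root, encoding="unicode")


def get_interop_version(xml_text: str):
    """Return the configured interop.version, or None if it is not set."""
    root = ET.fromstring(xml_text)
    for prop in root.iter(PROPERTY_TAG):
        if prop.get("name") == "interop.version":
            return prop.get("value")
    return None


def count_interop_properties(xml_text: str) -> int:
    """Number of interop.version properties present (should be 0 or 1)."""
    root = ET.fromstring(xml_text)
    return sum(1 for p in root.iter(PROPERTY_TAG) if p.get("name") == "interop.version")


if __name__ == "__main__":
    # Usage: python set_interop_version.py <path-to-festival.xml> <fix-pack-version>
    if len(sys.argv) != 3:
        sys.exit("usage: set_interop_version.py FESTIVAL_XML VERSION")
    path, wanted = sys.argv[1], sys.argv[2]
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    updated = set_interop_version(original, wanted)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(updated)
    print(f"interop.version set to {get_interop_version(updated)} in {path}")
```

Run it after the fix pack is installed and before the Web Access server is started, as the procedure requires; keep a copy of the original festival.xml so the change can be reverted if the interoperation server version turns out not to match.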

Workarounds and Mitigations

None

References


Acknowledgement

None

Change History

* 22 October 2015: Original copy published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.


Document Information

Modified date:
17 June 2018

UID

swg21967789