IBM Support

Security Bulletin: Vulnerability in Rational Licensing could allow code execution

Security Bulletin


Summary

The security issue was originally published as a high security vulnerability and based on our ongoing technical assessment we have reduced the severity to medium. The vulnerability is in the licensing functionality used by some IBM Rational products. The products/versions that are affected are listed below and fixes are available per the table below.

Vulnerability Details

Subscribe to My Notifications to be notified of important product support alerts like this.
  • Follow this link for more information (requires login with your IBM ID)

CVE ID: CVE-2011-1205

Description: The IBM Rational licensing implementation for Windows platforms is based on Microsoft COM framework. The licensing functionality is exposed to certain IBM Rational Programs through four different COM objects. The currently known attack vectors include opening local HTML files and allowing scripting in the "My Computer" zone or permitting the running of unsafe ActiveX controls in Internet Explorer. These are both considered unsafe behaviors.

Based on additional technical assessment of this security issue, IBM has lowered the base severity rating from high (CVSS 7.2), as originally reported, to medium (CVSS 6.2). At this time we have not identified a high risk exploitation vector for this vulnerability and we have no information indicating that there is an immediate risk of exploitation. IBM can not rule out other valid vectors and are continuing our evaluation; for this reason we have decided to inform our clients about this potential security issue and recommend that they install the appropriate fix as soon as possible.

As of 4/13/2011, IBM has not received any reports of customer issues related to this security vulnerability. The vulnerability was identified and reported to IBM by a security testing company, DBAPP Security.

CVSS Base Score: 6.2


CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/66324 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Affected Products and Versions

See table in remediation section for specific versions affected.

  • AppScan Build Edition/Express Edition/Standard Edition
  • AppScan Tester Edition/Reporting Console
  • AppScan Enterprise Edition
  • ClearCase/ClearCase MultiSite
  • ClearCase Change Management Solution/ClearCase Change Management Solution Enterprise Edition
  • ClearQuest/ClearQuest MultiSite
  • Functional Tester Plus (Rational Functional Tester is not affected, Robot is affected)
  • Lifecycle Package/Lifecycle Package with ClearCase
  • Performance Tester
  • Policy Tester Access Edition/Privacy Edition/Quality Edition
  • Purify/PurifyPlus for Windows/PurifyPlus Enterprise Edition
  • ProjectConsole
  • RequisitePro
  • Robot
  • Rose Data Modeler/Developer for Java/Developer for Visual Studio/Enterprise/Modeler/Technical Developer, Developer for Visual Basic, ADA Professional
  • SoDA

Remediation/Fixes

There are two solutions in the form of fixes and a Microsoft Security patch.

  • The IBM product fixpacks should be implemented as soon as practical and your business needs dictate.
  • IBM recommends applying the Microsoft Security patch as soon as possible.

Microsoft Security Patch:

Apply the security update outlined in Microsoft Security Bulletin MS11-027.

IBM Product Versions and Applicable Fixes:

Version
Product offeringAvailable fixpack or risk mitigation
7.8.0 – 7.8.0.2
RATL APPSCAN BUILD EDITION
(Bundle of Standard Edition and Source Edition. Source Edition is not affected)
http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=RASS-Windows-7.8-Security_iFix&continue=1
7.8.0 – 7.8.0.2
RATL APPSCAN EXPRESS EDITION http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=RASS-Windows-7.8-Security_iFix&continue=1
7.8.0 – 7.8.0.2
RATL APPSCAN STANDARD ED http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=RASS-Windows-7.8-Security_iFix&continue=1
5.6.0 – 5.6.0.3
RATL POLICY TESTER ACCESS ED http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Policy+Tester&fixids=ASE_PT-Windows-5.6.0.3-iFix_001&source=dbluesearch
5.6.0 – 5.6.0.3
RATL POLICY TESTER PRIVACY ED http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Policy+Tester&fixids=ASE_PT-Windows-5.6.0.3-iFix_001&source=dbluesearch
5.6.0 – 5.6.0.3
RATL POLICY TESTER QUALITY ED http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Policy+Tester&fixids=ASE_PT-Windows-5.6.0.3-iFix_001&source=dbluesearch

7.1.1 - 7.1.1.4
RATL CC CHG MGMT SOL ENT ED
(Bundle of ClearCase, ClearCase MultiSite, ClearQuest and ClearQuest MultiSite).
ClearCase 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029353

ClearQuest 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029352

7.1.1 - 7.1.1.4
RATL CC CHG MGMT SOL
(Bundle of ClearCase and ClearQuest)
ClearCase 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029353

ClearQuest 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029352

7.1.1 - 7.1.1.4
RATL CLEARCASE http://www.ibm.com/support/docview.wss?uid=swg24029353
7.1.1 - 7.1.1.4
RATL CLEARQUEST MSITE EXT. http://www.ibm.com/support/docview.wss?uid=swg24029352
7.1.1 - 7.1.1.4
RATL CLEARQUEST http://www.ibm.com/support/docview.wss?uid=swg24029352
7.1.1 - 7.1.1.4
RATL CLRCASE AND MSITE EXT http://www.ibm.com/support/docview.wss?uid=swg24029353
7.1.1 - 7.1.1.4
RATL CLRCASE MULTISITE EXThttp://www.ibm.com/support/docview.wss?uid=swg24029353
7.1.1 - 7.1.1.4
RATL CLRQUEST & MSITE EXT http://www.ibm.com/support/docview.wss?uid=swg24029352
7.1.1 - 7.1.1.4
RATL LIFECYCLE PACKAGE
(Bundle of ClearQuest, RequisitePro and Rational Method Composer. Rational Method Composer is not affected.)
ClearQuest 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029352

RequisitePro 7.1.1–7.1.1.4:

http://www.ibm.com/support/docview.wss?uid=swg24029184

7.1.1 - 7.1.1.4
RATL LIFECYCLE PKG W/CC
(Bundle of ClearCase ClearQuest, RequisitePro and Rational Method Composer. Rational Method Composer is not affected.)
ClearCase 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029353

ClearQuest 7.1.1-7.1.1.4: http://www.ibm.com/support/docview.wss?uid=swg24029352

RequisitePro 7.1.1–7.1.1.4:

http://www.ibm.com/support/docview.wss?uid=swg24029184

7.1.1 - 7.1.1.4
RATL REQUISITEPRO http://www.ibm.com/support/docview.wss?uid=swg24029184
7.0.3 - 7.0.3.4
RATL Project Consoleftp://public.dhe.ibm.com/software/rational/ProjectConsole/7.0.3.5/7.0.3.5-RATL-RPJC-WIN-FP05.zip

7.1.0 - 7.1.0.2
RATL CC CHG MGMT SOL ENT ED
(Bundle of ClearCase, ClearCase MultiSite, ClearQuest and ClearQuest MultiSite.)
ClearCase 7.1.0-7.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029413

ClearQuest 7.1.0-7.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029413

7.1.0 - 7.1.0.2
RATL CC CHG MGMT SOL
(Bundle of ClearCase and ClearQuest)
ClearCase 7.1.0-7.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029413

ClearQuest 7.1.0-7.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029413

7.1.0 - 7.1.0.2
RATL CLEARCASE http://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2
RATL CLEARQUEST MSITE EXT. http://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2
RATL CLEARQUEST http://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2
RATL CLRCASE AND MSITE EXT http://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2
RATL CLRCASE MULTISITE EXThttp://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2
RATL CLRQUEST & MSITE EXThttp://www.ibm.com/support/docview.wss?uid=swg24029413
7.1.0 - 7.1.0.2
RATL LIFECYCLE PACKAGE
(Bundle of ClearQuest, RequisitePro and Rational Method Composer. Rational Method Composer is not affected.)
ClearQuest 7.1.0-7.1.0.2:

http://www.ibm.com/support/docview.wss?uid=swg24029413

RequisitePro 7.1.0-7.1.0.2:

http://www.ibm.com/support/docview.wss?uid=swg24029413

7.1.0 - 7.1.0.2
RATL LIFECYCLE PKG W/CC
(Bundle of ClearCase ClearQuest, RequisitePro and Rational Method Composer. Rational Method Composer is not affected.)
ClearCase 7.1.0-7.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029413

ClearQuest 7.1.0-7.1.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029413

RequisitePro 7.1.0-7.1.0.2:

http://www.ibm.com/support/docview.wss?uid=swg24029413

7.1.0 - 7.1.0.2
RATL REQUISITEPRO http://www.ibm.com/support/docview.wss?uid=swg24029413
7.0.2 - 7.0.2.2
RATL ROBOT http://www.ibm.com/support/docview.wss?uid=swg24029413
7.0.2 - 7.0.2.2
RATL SODAhttp://www.ibm.com/support/docview.wss?uid=swg24029413
7.0.2 - 7.0.2.2
RATL Project Consolehttp://www.ibm.com/support/docview.wss?uid=swg24029413

7.0.0.4 - 7.0.0.9
RATL CC CHG MGMT SOL ENT ED
(Bundle of ClearCase, ClearCase MultiSite, ClearQuest and ClearQuest MultiSite)
ClearCase 7.0.0.4-7.0.0.9:

ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip

ClearQuest 7.0.0.4-7.0.0.9:

ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip

7.0.0.4 - 7.0.0.9
RATL CC CHG MGMT SOL
(Bundle of ClearCase and ClearQuest)
ClearCase 7.0.0.4-7.0.0.9: ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip

ClearQuest 7.0.0.4-7.0.0.9: ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip

7.0.0.4 - 7.0.0.9
RATL CLEARCASE ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9
RATL CLEARQUEST MSITE EXT. ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9
RATL CLEARQUEST ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9
RATL CLRCASE AND MSITE EXT ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9
RATL CLRCASE MULTISITE EXTftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9
RATL CLRQUEST & MSITE EXTftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9
RATL REQUISITEPRO ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9
RATL ROBOT ftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9
RATL SODAftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip
7.0.0.4 - 7.0.0.9
RATL Project Consoleftp://public.dhe.ibm.com/software/rational/licensing/7.0.0/7.0.0.x-RATL-FLEXC-WIN.zip



7.0.1.3 - 7.0.1.11
RATL ROBOT ftp://ftp.software.ibm.com/software/rational/robot/7.0.1/7.0.1.12/7.0.1.12-RATL-RRBT-WIN-en-US-FP12.msp
7.0.1.3 - 7.0.1.11
RATL Project Consoleftp://public.dhe.ibm.com/software/rational/ProjectConsole/7.0.1.11/7.0.1.11-RATL-RPJC-WIN-all-FP11.zip
7.0.1.3 - 7.0.1.11
RATL REQUISITEPRO http://www.ibm.com/support/docview.wss?uid=swg24029189

8.1 – 8.1.0.3
RATL PERFORMANCE TESTERhttp://www.ibm.com/support/docview.wss?uid=swg24029363
8.1.1 – 8.1.1.2
RATL PERFORMANCE TESTERhttp://www.ibm.com/support/docview.wss?uid=swg24029360

8.0.0
RATL FUNCTIONAL TESTER PLUS
(Bundle of Rational Functional Tester and Robot. Rational Functional Tester is not affected)
Robot 7.0.2-7.0.2.2: http://www.ibm.com/support/docview.wss?uid=swg24029413
8.1.0 - 8.1.1
RATL FUNCTIONAL TESTER PLUS
(Bundle of Rational Functional Tester and Robot. Rational Functional Tester is not affected
Robot 7.0.3-7.0.3.4:

http://public.dhe.ibm.com/software/rational/robot/7.0.3/7.0.3.4/7.0.3.4-RATL-RRBT-WIN-FP04.zip


Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Acknowledgement

None

Change History

* 13 April 2011- Removed RCL Kill-bit_v2.zip file and steps as Microsoft's Security Fix has superseded this alternative risk mitigation.
* 05 April 2011- Changed base CVSS score, resulting in the advisory severity being lowered from high to medium
* 31 March 2011- Incremented RCL kill-bit.zip file to RCL kill-bit_v2.zip. The initial RCL Kill-bit.reg did not include all of the affected CLSIDs. If you have already applied RCL Kill-bit.reg, you will need to apply RCL Kill-bit_v2.
* 28 March 2011 - Original copy published.

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Internal Use Only


Removed the following from the tables due to broken links:

7.0.0.4 – 7.0.0.6

7.0.1

RATL PURIFY FOR WINDOWShttp://www.ibm.com/support/docview.wss?uid=swg24029478
7.0.0.4 – 7.0.0.6

7.0.1

RATL PURIFYPLUS ENT EDITION
(Bundle of PurifyPlus Windows and PurifyPlus Linux and Unix. Purify Plus for Linux and Unix is not affected)
http://www.ibm.com/support/docview.wss?uid=swg24029478
7.0.0.4 – 7.0.0.6

7.0.1

RATL PURIFYPLUS FOR WINDOWShttp://www.ibm.com/support/docview.wss?uid=swg24029478
7.9.0
RATL APPSCAN BUILD EDITION
(Bundle of Standard Edition and Source Edition. Source Edition is not affected)
http://www.ibm.com/support/docview.wss?uid=swg24029447
7.9.0 – 7.9.0.3
RATL APPSCAN EXPRESS EDITION http://www.ibm.com/support/docview.wss?uid=swg24029447
7.9.0 – 7.9.0.3
RATL APPSCAN STANDARD ED http://www.ibm.com/support/docview.wss?uid=swg24029447
7.0.3 - 7.0.3.4
RATL ROBOT http://www.ibm.com/support/docview.wss?uid=swg24029464
8.0.0 – 8.0.0.1
RATL APPSCAN ENTERPRISE ED http://www.ibm.com/support/docview.wss?uid=swg24029389
8.0.0 – 8.0.0.1
RATL APPSCAN REPORTING CONSOLEhttp://www.ibm.com/support/docview.wss?uid=swg24029389
8.0.0 – 8.0.0.1
RATL APPSCAN TESTER ED http://www.ibm.com/support/docview.wss?uid=swg24029389
7.0.3 - 7.0.3.4
RATL SODA http://www.ibm.com/support/docview.wss?uid=swg24029454
7.0.1.3 - 7.0.1.11
RATL SODAhttp://www.ibm.com/support/docview.wss?uid=swg24029457

8.0.0 – 8.0.0.1
RATL APPSCAN BUILD EDITION
(Bundle of Standard Edition and Source Edition. Source Edition is not affected )
http://www.ibm.com/support/docview.wss?uid=swg24029444
8.0.0 – 8.0.0.1
RATL APPSCAN EXPRESS EDITION http://www.ibm.com/support/docview.wss?uid=swg24029444
8.0.0 – 8.0.0.1
RATL APPSCAN STANDARD ED http://www.ibm.com/support/docview.wss?uid=swg24029444


------------------------------------------------------------------------------------------------

Document Link Icon -- IBM CONFIDENTIAL FAQ: Vulnerability in IBM Rational Licensing could allow code execution

INTERNAL URL: http://bit.ly/h4QgKs

v1 RCL kill-bit.zip

Alternative Solution: If for some reason you cannot apply the fix to the individual products, download and apply the following interim risk mitigation:

Disclaimer

This solution contains information about modifying the system registry. Before making any modifications to the Microsoft Registry Editor, it is strongly recommended that you make a backup of the existing registry. For more information describing how to back up the registry, refer to Microsoft Knowledge Base article 256986

  1. Save and decompress the attached file RCL kill-bit_v2.zip to a folder on each of the client machines which uses the Rational Licensing application.
    RCL kill-bit_v2.zip
    RCL kill-bit_v2.zip

  2. Double click the RCL kill-bit_v2.reg file.

  3. Click Yes when the prompt shown below is displayed:




  4. The Microsoft Windows registry is modified, and the following alert is shown indicating the successful modification of the registry and the implementation of the interim fix:

[{"Product":{"code":"SSTMW6","label":"Rational License Key Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"General Information","Platform":[{"code":"PF033","label":"Windows"}],"Version":"7.0;7.0.0.1;7.0.0.2;7.0.1;7.0.1.1;7.0.3.1;7.1;7.1.0.1;7.1.0.2;7.1.1;7.1.1.1;7.1.1.2;7.1.1.3;7.1.1.4","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
17 June 2018

UID

swg21470998