Security Bulletin: Vulnerabilities in OpenSSH affect IBM XIV Gen2 (CVE-2016-0777, CVE-2016-0778)

Summary

An information leak flaw and buffer overflow flaw in the way the OpenSSH client roaming feature was implemented affects IBM XIV Gen2.

Vulnerability Details

CVEID: CVE-2016-0777
DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by a client information leak from using the roaming connection feature. By persuading a victim to connect to a malicious server, an attacker could exploit this vulnerability to retrieve private cryptographic keys or other sensitive information.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109635 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-0778
DESCRIPTION: OpenSSH is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the packet_write_wait() and ssh_packet_write_wait() API functions when two non-default options: a ProxyCommand and either ForwardAgent or ForwardX11are used. By persuading a victim to connect to a malicious server, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109636 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM XIV Gen2 systems running microcode versions 10.0 or later are affected.

Remediation/Fixes

Applying a non-disruptive patch that fixes this issue is available for versions 10.2.4.e-5 and 10.2.4.e-8. The application of this patch can be done via remote connection and would take about 5 minutes to be completed.

For versions other than 10.2.4.e-5 and 10.2.4.e-8, IBM recommends upgrading to a fixed, supported version of the product.