A fix is available for IBM SONAS for three security issues in OpenSSL that could result in denial of service.
CVEID:
CVE-2013-4353
CVE-2013-6449
CVE-2013-6450
DESCRIPTION:
OpenSSL is used in IBM SONAS for providing communication security by encrypting data being transmitted.
OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious S/MIME messages. By sending a specially-crafted TLS handshake, a remote attacker could exploit this vulnerability to cause a connecting client to crash.
CVE-2013-4353
CVSS Base Score: 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/90201> for the current score
OpenSSL is vulnerable to a denial of service, caused by an error in the ssl_get_algorithm2 function. A remote attacker could exploit this vulnerability using specially-crafted traffic from a TLS 1.2 client to cause the daemon to crash.
CVE-2013-6449
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/90068> for the current score
OpenSSL is vulnerable to a denial of service, caused by the failure to properly maintain data structures for digest and encryption contexts by the DTLS retransmission implementation. A remote attacker could exploit this vulnerability to cause the daemon to crash.
CVE-2013-6450
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/90069> for the current score
IBM SONAS
The product is affected when running code releases 1.3.0.0 to 1.4.3.2.
A fix for these issues is in version 1.4.3.3 of IBM SONAS. Customers running an affected version of SONAS should upgrade to SONAS 1.4.3.3 or a later version, so that the fix gets applied.
Workaround(s): None.
Mitigation(s): A fix for these issues is in version 1.4.3.3 of IBM SONAS. Customers running an affected version of IBM SONAS should upgrade to 1.4.3.3 or a later version, so that the fix gets applied.
CPE Name | Operator | Version |
---|---|---|
network attached storage (nas)->scale out network attached storage | eq | 1.4.3.3 |