Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM655407A669EE806D7CA7A3BFB955BFCA91C58C3840B8F8A89A0CF392B072BE5A
HistoryJan 31, 2019 - 2:25 a.m.

Security Bulletin: Vulnerabilities in libxml2 affect IBM RackSwitch Products

2019-01-3102:25:02
www.ibm.com
16

EPSS

0.002

Percentile

58.5%

JSON

Summary

IBM RackSwitch Products have addressed the following vulnerabilities in libxml2.

Vulnerability Details

Summary

IBM RackSwitch Products have addressed the following vulnerabilities in libxml2.

Vulnerability Details:

CVEID: CVE-2017-9050

Description: libxml2 is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the xmlDictAddString function in dict.c. By sending a specially-crafted request, a local attacker could overflow a buffer and cause the application to crash.

CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126277&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-9049

Description: libxml2 is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the xmlDictComputeFastKey function in dict.c. By sending a specially-crafted request, a local attacker could overflow a buffer and cause the application to crash.

CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126276&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Product Affected Version
IBM RackSwitch G8052 7.11
IBM RackSwitch G8124/G8124E 7.11
IBM RackSwitch G8264 7.11
IBM RackSwitch G8264CS 7.8
IBM RackSwitch G8264T 7.9
IBM RackSwitch G8316 7.9
IBM RackSwitch G8332 7.7

Remediation/Fixes:

Firmware fix versions are available on Fix Central:
<http://www.ibm.com/support/fixcentral/&gt;.

Product Fix Version
IBM RackSwitch G8052 (G8052_Image_7.11.11.0) 7.11.11.0
IBM RackSwitch G8124/G8124E ( G8124_G8124E_Image_7.11.11.0) 7.11.11.0
IBM RackSwitch G8264 (G8264_Image_7.11.11.0) 7.11.11.0
IBM RackSwitch G8264CS (G8264CS_Image_7.8.18.0) 7.8.18.0
IBM RackSwitch G8264T (G8264T_Image_7.9.21.0) 7.9.21.0
IBM RackSwitch G8316 (G8316_Image_7.9.21.0) 7.9.21.0
IBM RackSwitch G8332 (G8332_Image_7.7.27.0) 7.7.27.0

Workaround(s) & Mitigation(s):

None

References:

Related Information:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Lenovo Product Security Advisories

Acknowledgement

None

Change History
17 November 2017: Original Copy Published

  • The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an โ€œindustry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.โ€ IBM PROVIDES THE CVSS SCORES โ€œAS ISโ€ WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Related

ibm 11
ubuntucve 2
nessus 26
openvas 23
redhatcve 2
cve 2
debian 3
osv 6
debiancve 2
nvd 2
prion 2
cvelist 2
freebsd 1
rubygems 1
ubuntu 2
veracode 2
github 1
cloudfoundry 1
photon 1
altlinux 2
gentoo 1
mageia 1
fedora 2
apple 14
redhat 1
suse 3
tenable 1
ics 1
ibm
ibm
Security Bulletin: Vulnerabilities in libxml2 affect IBM Flex System Networking Switch Products
2019-01-31 02:25:02
Security Bulletin: Vulnerabilities in libxml2 affect IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter
2023-04-14 14:32:25
Security Bulletin: Vulnerabilities in libxml2 affect IBM BladeCenter Advanced Management Module (AMM)
2023-04-14 14:32:25
ubuntucve
ubuntucve
CVE-2017-9049
2017-05-18 00:00:00
CVE-2017-9050
2017-05-18 00:00:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1538-1)
2017-06-13 00:00:00
openSUSE Security Update : libxml2 (openSUSE-2017-711)
2017-06-20 00:00:00
Photon OS 1.0: Libxml2 PHSA-2017-0024
2019-02-07 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:1587-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1538-1)
2021-04-19 00:00:00
Debian: Security Advisory (DLA-1008-1)
2018-01-28 00:00:00
redhatcve
redhatcve
CVE-2017-9049
2017-05-19 08:26:04
CVE-2017-9050
2017-05-19 08:26:34
cve
cve
CVE-2017-9049
2017-05-18 06:29:00
CVE-2017-9050
2017-05-18 06:29:00
debian
debian
[SECURITY] [DLA 1008-1] libxml2 security update
2017-06-30 20:47:21
[SECURITY] [DSA 3952-1] libxml2 security update
2017-08-23 04:54:22
[SECURITY] [DSA 3952-1] libxml2 security update
2017-08-23 04:54:22
osv
osv
libxml2 - security update
2017-06-30 00:00:00
libxml2 - security update
2017-08-23 00:00:00
Out-of-bounds read in nokogiri
2017-12-13 21:38:24
debiancve
debiancve
CVE-2017-9049
2017-05-18 06:29:00
CVE-2017-9050
2017-05-18 06:29:00
nvd
nvd
CVE-2017-9049
2017-05-18 06:29:00
CVE-2017-9050
2017-05-18 06:29:00
prion
prion
Heap overflow
2017-05-18 06:29:00
Heap overflow
2017-05-18 06:29:00
cvelist
cvelist
CVE-2017-9049
2017-05-18 06:13:00
CVE-2017-9050
2017-05-18 06:13:00
freebsd
freebsd
libxml2 -- Multiple Issues
2017-05-10 00:00:00
rubygems
rubygems
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
2017-09-18 21:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2017-10-10 00:00:00
libxml2 vulnerabilities
2017-09-19 00:00:00
veracode
veracode
Heap-based Buffer Overflow Through Embedded C Dependency
2017-05-17 06:35:24
Vulnerability Through C Libraries
2017-11-01 05:30:33
github
github
Out-of-bounds read in nokogiri
2017-12-13 21:38:24
cloudfoundry
cloudfoundry
USN-3424-1: libxml2 vulnerabilities | Cloud Foundry
2017-11-01 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0024
2017-07-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.9.0.52.f824-alt1
2019-05-22 00:00:00
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.9.0.52.f824-alt1
2019-05-22 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2017-11-10 00:00:00
mageia
mageia
Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities
2018-01-03 18:50:51
fedora
fedora
[SECURITY] Fedora 26 Update: libxml2-2.9.7-1.fc26
2018-02-14 17:11:02
[SECURITY] Fedora 27 Update: libxml2-2.9.7-1.fc27
2018-01-30 18:12:24
apple
apple
About the security content of iTunes 12.7 for Windows
2017-09-12 00:00:00
About the security content of iTunes 12.7 for Windows - Apple Support
2018-10-18 05:03:03
About the security content of iCloud for Windows 7.0
2017-09-25 00:00:00
redhat
redhat
(RHSA-2018:2486) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
2018-08-16 16:05:21
suse
suse
Security update for SLES 12-SP2 Docker image (important)
2017-10-11 03:08:09
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

EPSS

0.002

Percentile

58.5%

JSON
Related for 655407A669EE806D7CA7A3BFB955BFCA91C58C3840B8F8A89A0CF392B072BE5A
ibm11ubuntucve2nessus26openvas23redhatcve2cve2debian3osv6debiancve2nvd2prion2cvelist2freebsd1rubygems1ubuntu2veracode2github1cloudfoundry1photon1altlinux2gentoo1mageia1fedora2apple14redhat1suse3tenable1ics1