Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM6C19A1B08B7A9D998D6C90A501C2F7B1B2E4E3D475CB6FE4716A08A83906C223
HistoryJun 18, 2018 - 1:30 a.m.

Security Bulletin: Vulnerabilities in the GNU C Libraries (glibc) affect IBM Flex System Manager(FSM) (CVE-2013-2207, CVE-2014-8121, CVE-2015-1781)

2018-06-1801:30:10
www.ibm.com
15

0.105 Low

EPSS

Percentile

95.0%

JSON

Summary

Multiple security vulnerabilities have been discovered in the GNU C Library (glibc) that is embedded in the IBM FSM. These vulnerabilities are addressed in this bulletin.

Vulnerability Details

CVEID: CVE-2013-2207**
DESCRIPTION:** The GNU C Library (glibc) could allow a local attacker to bypass security restrictions, caused by an error in the pt_chown() function. An attacker could exploit this vulnerability to gain unauthorized access to the pseudoterminal of other users.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/86914 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-8121**
DESCRIPTION:** GNU C Library (glibc) is vulnerable to a denial of service, caused by the failure to properly check if a file is open by DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS). By performing a look-up on a database while iterating over it, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102652 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-1781**
DESCRIPTION:** GNU C Library (glibc) is vulnerable to a buffer overflow, caused by improper bounds checking by the gethostbyname_r() and other related functions. By sending a specially-crafted argument, a remote attacker could overflow a buffer and execute arbitrary code on the system elevated privileges or cause the application to crash.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102500 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P)

Affected Products and Versions

Flex System Manager 1.3.4.x
Flex System Manager 1.3.3.x
Flex System Manager 1.3.2.x
Flex System Manager 1.3.1.x
Flex System Manager 1.3.0.x
Flex System Manager 1.2.x.x
Flex System Manager 1.1.x.x

Remediation/Fixes

IBM recommends updating the FSM using the instructions referenced in this table.

Warning: Agents older than version 6.3.5 must be updated using the Technote listed in these Remediation plans before this FSM fix is installed or you will permanently lose contact with the endpoint with agents older than version 6.3.5

Product |

VRMF |

APAR |

Remediation
—|—|—|—
Flex System Manager|

1.3.4.x |

IT12599

| Verify the required Java updates have been completed, then install fsmfix1.3.4.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602

Instructions for verifying installation of the Java updates can be found in the “Confirm the fixes were applied properly” section of Technote 761981453.

Flex System Manager|

1.3.3.x |

IT12599

| Verify the required Java updates have been completed, then install fsmfix1.3.3.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602

Instructions for verifying installation of the Java updates can be found in the “Confirm the fixes were applied properly” section of Technote 736218441.

Flex System Manager|

1.3.2.x |

IT12599

| Verify the required Java updates have been completed, then install fsmfix1.3.2.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602

Instructions for verifying installation of the Java updates can be found in the “Confirm the fixes were applied properly” section of Technote 736218441.

Flex System Manager|

1.3.1.x |

IT12599

| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities.
Flex System Manager|

1.3.0.x |

IT12599

| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities.
Flex System Manager|

1.2.x.x |

IT12599

| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities.
Flex System Manager|

1.1.x.x |

IT12599 | IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities.

Workarounds and Mitigations

None

CPENameOperatorVersion
flex system manager nodeeqany

Related

nessus 40
openvas 35
ibm 24
suse 2
cvelist 3
nvd 3
debiancve 3
osv 2
debian 4
prion 3
archlinux 2
cve 3
ubuntucve 3
mageia 2
f5 2
checkpoint_advisories 1
fedora 6
ubuntu 2
cloudfoundry 1
amazon 3
redhat 4
centos 3
oraclelinux 3
securityvulns 2
gentoo 2
nessus
nessus
SUSE SLED11 / SLES11 Security Update : glibc (SUSE-SU-2015:1424-1)
2015-08-25 00:00:00
openSUSE Security Update : glibc / glibc-testsuite / glibc-utils / etc (openSUSE-2015-383)
2015-05-28 00:00:00
SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2015:1844-1)
2015-11-02 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:1424-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1844-1)
2021-04-19 00:00:00
Mageia: Security Advisory (MGASA-2015-0195)
2022-01-28 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in GNU glibc affect IBM Security Network Intrusion Prevention System (CVE-2013-2207, CVE-2014-8121, and CVE-2015-1781 )
2022-02-23 19:48:26
Security Bulletin: GNU C library (glibc) vulnerabilities affect IBM SmartCloud Entry (CVE-2014-8121)
2020-07-19 00:49:12
Security Bulletin: Vulnerabilities in Open Source glibc affect IBM Security Identity Governance (CVE-2014-8121)
2018-06-16 21:31:34
suse
suse
Security update for glibc (important)
2015-08-21 18:10:09
Security update for glibc (important)
2016-02-16 20:15:44
cvelist
cvelist
CVE-2014-8121
2015-03-27 14:00:00
CVE-2015-1781
2015-09-28 20:00:00
CVE-2013-2207
2013-10-09 22:00:00
nvd
nvd
CVE-2014-8121
2015-03-27 14:59:03
CVE-2013-2207
2013-10-09 22:55:02
CVE-2015-1781
2015-09-28 20:59:00
debiancve
debiancve
CVE-2014-8121
2015-03-27 14:59:03
CVE-2013-2207
2013-10-09 22:55:02
CVE-2015-1781
2015-09-28 20:59:00
osv
osv
eglibc - security update
2015-09-27 00:00:00
eglibc - security update
2016-02-16 00:00:00
debian
debian
[SECURITY] [DLA 316-1] eglibc security update
2015-09-27 15:20:31
[SECURITY] [DLA 230-1] eglibc security update
2015-05-27 18:03:22
[SECURITY] [DSA 3480-1] eglibc security update
2016-02-16 14:18:16
prion
prion
Design/Logic Flaw
2015-03-27 14:59:00
Design/Logic Flaw
2013-10-09 22:55:00
Buffer overflow
2015-09-28 20:59:00
archlinux
archlinux
glibc: denial of service
2015-08-16 00:00:00
glibc: arbitrary code execution
2015-04-23 00:00:00
cve
cve
CVE-2014-8121
2015-03-27 14:59:03
CVE-2013-2207
2013-10-09 22:55:02
CVE-2015-1781
2015-09-28 20:59:00
ubuntucve
ubuntucve
CVE-2014-8121
2015-03-27 00:00:00
CVE-2013-2207
2013-10-09 00:00:00
CVE-2015-1781
2015-09-28 00:00:00
mageia
mageia
Updated glibc packages fix security vulnerabilities
2015-05-06 18:16:01
Updated glibc package fixes security vulnerabilities
2013-11-22 22:44:49
f5
f5
SOL16865 - GNU C Library (glibc) vulnerability CVE-2015-1781
2015-07-08 00:00:00
K16865 : GNU C Library (glibc) vulnerability CVE-2015-1781
2015-07-08 00:00:00
checkpoint_advisories
checkpoint_advisories
GNU C Library glibc getanswer_r Buffer Overflow (CVE-2015-1781)
2015-05-07 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: glibc-2.16-34.fc18
2013-09-05 01:34:33
[SECURITY] Fedora 22 Update: glibc-2.21-11.fc22
2016-02-17 12:51:37
[SECURITY] Fedora 19 Update: glibc-2.17-14.fc19
2013-08-27 23:29:45
ubuntu
ubuntu
GNU C Library vulnerabilities
2016-05-25 00:00:00
GNU C Library regression
2016-05-26 00:00:00
cloudfoundry
cloudfoundry
USN-2985-2 GNU C Library regression | Cloud Foundry
2016-06-13 00:00:00
amazon
amazon
Medium: glibc
2015-03-23 08:30:00
Medium: glibc
2015-04-22 16:12:00
Important: glibc
2015-12-14 10:00:00
redhat
redhat
(RHSA-2015:0327) Moderate: glibc security and bug fix update
2015-03-05 00:00:00
(RHSA-2015:0863) Moderate: glibc security and bug fix update
2015-04-21 00:00:00
(RHSA-2015:2199) Moderate: glibc security, bug fix, and enhancement update
2015-11-19 14:39:58
centos
centos
glibc, nscd security update
2015-03-17 13:28:04
glibc, nscd security update
2015-04-21 13:07:39
glibc, nscd security update
2015-11-30 19:30:07
oraclelinux
oraclelinux
glibc security and bug fix update
2015-04-21 00:00:00
glibc security, bug fix, and enhancement update
2015-11-24 00:00:00
glibc security and bug fix update
2015-03-09 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:218 ] glibc
2015-05-05 00:00:00
GNU glibc security vulnerabilities
2015-05-05 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2016-02-17 00:00:00
GNU C Library: Multiple vulnerabilities
2015-03-08 00:00:00

0.105 Low

EPSS

Percentile

95.0%

JSON
Related for 6C19A1B08B7A9D998D6C90A501C2F7B1B2E4E3D475CB6FE4716A08A83906C223
nessus40openvas35ibm24suse2cvelist3nvd3debiancve3osv2debian4prion3archlinux2cve3ubuntucve3mageia2f52checkpoint_advisories1fedora6ubuntu2cloudfoundry1amazon3redhat4centos3oraclelinux3securityvulns2gentoo2