Lucene search

IBM6D699798B8F39EB564F15CD514E32D99A517EA613E67CA04D4406F00EDF11A1B

HistorySep 15, 2023 - 1:29 p.m.

Security Bulletin: Vulnerabilities in cURL libcurl might affect IBM Spectrum Copy Data Management

2023-09-1513:29:27

www.ibm.com

ibm spectrum copy data management

curl libcurl

vulnerabilities

gss delegation

telnet options

denial of service

sensitive information

ssh connection

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

60.2%

JSON

Summary

IBM Spectrum Copy Data Management can be affected by vulnerabilities in cURL libcurl. Vulnerabilities include exploiting the vulnerabilities to reuse a previously created connection even when the GSS delegation, to pass on user name and “telnet options” for the server negotiation, to cause a denial of service condition, to obtain sensitive information from other directory and use this information to launch further attacks against the affected system, to reuse a previously created connection even when an SSH related option had been changed, and to reuse a previously created FTP connection, as described by the CVEs in the “Vulnerability Details” section. The vulnerabilities have been addressed.

Vulnerability Details

CVEID:CVE-2023-27536
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a GSS delegation too eager connection re-use flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to reuse a previously created connection even when the GSS delegation.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250531 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2023-27533
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a TELNET option IAC injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to pass on user name and “telnet options” for the server negotiation.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250476 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)

CVEID:CVE-2023-27537
**DESCRIPTION:**cURL libcurl is vulnerable to a denial of service, caused by a double free or use-after-free flaw when sharing HSTS data between separate “handles”. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250532 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-27534
**DESCRIPTION:**cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a SFTP path ~ resolving discrepancy flaw. By sending a specially crafted request using a tilde (~) character, an attacker could exploit this vulnerability to obtain sensitive information from other directory, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250529 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2023-27538
**DESCRIPTION:**cURL libcurl could allow a local attacker to bypass security restrictions, caused by a SSH connection too eager reuse still flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to reuse a previously created connection even when an SSH related option had been changed.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250533 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2023-27535
**DESCRIPTION:**cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a FTP too eager connection reuse flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to reuse a previously created FTP connection.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/250530 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Spectrum Copy Data Management	2.2.0.0 - 2.2.20.1

Remediation/Fixes

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmspectrum_copy_data_managementMatch2.2

CPENameOperatorVersion
ibm spectrum copy data managementeq2.2

CPE	Name	Operator	Version
	ibm spectrum copy data management	eq	2.2

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

60.2%

JSON

Related for 6D699798B8F39EB564F15CD514E32D99A517EA613E67CA04D4406F00EDF11A1B