Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM81C982862CD4A19EE8072C4E12265F64CBC8CE9251F08BCA38C9BE50C74EAE77
HistoryApr 14, 2023 - 2:32 p.m.

Security Bulletin: Vulnerability in pam affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems (CVE-2013-7041)

2023-04-1414:32:25
www.ibm.com
10
ibm
imm2
vulnerability
pam
cve-2013-7041
security bulletin

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS

0.003

Percentile

71.5%

JSON

Summary

IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems have addressed the following vulnerability in pam.

Vulnerability Details

Summary

IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems have addressed the following vulnerability in pam.

Vulnerability Details:

CVE-ID: CVE-2013-7041

Description: pam_userdb module for Pam could provide weaker than expected security, caused by an error in the strncasecmp() function within the pam_userdb module for Pam on comparison of the stored hash password with the user’s password hash. An attacker could exploit this vulnerability using brute-force techniques to obtain user credentials.

CVSS Base Score: 2.1
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/89588&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

Product Affected Version
IBM Integrated Management Module II (IMM2) for System x and Flex Systems 1AOO
IBM Integrated Management Module II (IMM2) for BladeCenter Systems 1AOO

Remediation/Fixes:

Firmware fix versions are available on Fix Central:
<http://www.ibm.com/support/fixcentral/&gt;.

Product Fix Version
IBM Integrated Management Module II (IMM2) for System x and Flex Systems
ibm_fw_imm2_1aoo74f-5.80_anyos_noarch 1AOO74F-5.80
IBM Integrated Management Module II (IMM2) for BladeCenter Systems
ibm_fw_imm2_1aoo74f-5.80_bc-anyos_noarch 1AOO74F-5.80

You should verify applying this fix does not cause any compatibility issues.

Workaround(s) & Mitigation(s):

None

References:

Related Information:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Lenovo Product Security Advisories

Acknowledgement

None

Change History
14 September 2016: Original Copy Published

  • The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Affected configurations

Vulners
Node
ibmintegrated_management_module_iiMatch1aoo
OR
ibmintegrated_management_module_iiMatch1aoo
VendorProductVersionCPE
ibmintegrated_management_module_ii1aoocpe:2.3:h:ibm:integrated_management_module_ii:1aoo:*:*:*:*:*:*:*

Related

ibm 2
ubuntucve 1
debiancve 1
cve 1
prion 1
cvelist 1
nvd 1
openvas 7
nessus 10
mageia 1
fedora 1
amazon 1
gentoo 1
ubuntu 3
cloudfoundry 1
ibm
ibm
Security Bulletin: IBM Flex System Manager (FSM) is affected by a Pluggable Authentication Module (PAM) vulnerability (CVE-2013-7041)
2018-06-18 01:33:18
Security Bulletin: Vulnerabilities in PAM affect Power Hardware Management Console (‪CVE-2013-7041 and CVE-2015-3238‬)
2021-09-23 01:31:39
ubuntucve
ubuntucve
CVE-2013-7041
2014-05-08 00:00:00
debiancve
debiancve
CVE-2013-7041
2014-05-08 14:29:12
cve
cve
CVE-2013-7041
2014-05-08 14:29:12
prion
prion
Design/Logic Flaw
2014-05-08 14:29:00
cvelist
cvelist
CVE-2013-7041
2014-05-08 14:00:00
nvd
nvd
CVE-2013-7041
2014-05-08 14:29:12
openvas
openvas
Fedora Update for pam FEDORA-2014-16350
2014-12-19 00:00:00
Mageia: Security Advisory (MGASA-2015-0213)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1645-1)
2021-06-09 00:00:00
nessus
nessus
SUSE SLES11 Security Update : pam (SUSE-SU-2016:1645-1)
2016-08-29 00:00:00
Amazon Linux AMI : pam (ALAS-2014-354)
2014-10-12 00:00:00
RHEL 6 : pam (Unpatched Vulnerability)
2024-06-03 00:00:00
mageia
mageia
Updated pam packages fix security vulnerabilities
2015-05-12 22:37:48
fedora
fedora
[SECURITY] Fedora 20 Update: pam-1.1.8-2.fc20
2014-12-18 06:07:52
amazon
amazon
Medium: pam
2014-06-15 16:18:00
gentoo
gentoo
Linux-PAM: Multiple vulnerabilities
2016-05-31 00:00:00
ubuntu
ubuntu
PAM vulnerabilities
2016-03-16 00:00:00
PAM regression
2016-03-17 00:00:00
PAM regression
2016-03-16 00:00:00
cloudfoundry
cloudfoundry
USN-2935-2 PAM regression | Cloud Foundry
2016-05-06 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS

0.003

Percentile

71.5%

JSON
Related for 81C982862CD4A19EE8072C4E12265F64CBC8CE9251F08BCA38C9BE50C74EAE77
ibm2ubuntucve1debiancve1cve1prion1cvelist1nvd1openvas7nessus10mageia1fedora1amazon1gentoo1ubuntu3cloudfoundry1