Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM b-type SAN switches and directors and IBM Network Advisor (CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0704, CVE-2016-0704, CVE-2016-2842).

Summary

OpenSSL vulnerabilities were disclosed on March 1, 2016 by the OpenSSL Project. OpenSSL is used by IBM b-type SAN switches and directors and IBM Network Advisor. IBM has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2016-0705DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service.CVSS Base Score: 3.7CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111140 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-0797DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the BN_hex2bn/BN_dec2bn() function. An attacker could exploit this vulnerability using specially crafted data to cause a denial of service.CVSS Base Score: 3.7CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111142 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-0799DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a memory error in the BIO_printf() functions. An attacker could exploit this vulnerability using specially crafted data to trigger an out-of-bounds read.CVSS Base Score: 3.7CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111143 for the current scoreCVSS Environmental Score: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-0702DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a side-channel attack against a system based on the Intel Sandy-Bridge microarchitecture. An attacker could exploit this vulnerability to recover RSA keys.CVSS Base Score: 2.9CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111144 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-0703DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by the failure to enforce that a clear-key-length value is 0 for non-export ciphers by the SSLv2 's2_srvr.c code. When clear-key bytes displace encrypted-key bytes, an attacker could exploit this vulnerability to conduct a divide-and-conquer key recovery attack.CVSS Base Score: 7.4CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111145 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2016-0704DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions. The s2_srvr.c code overwrites the wrong bytes in the master-key when applying Bleichenbacher protection for export cipher suites. An attacker could exploit this vulnerability using a Bleichenbacher oracle to decrypt sessions.CVSS Base Score: 5.9CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111146 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2016-2842DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to verify that a certain memory allocation succeeds by the doapr_outch function. A remote attacker could exploit this vulnerability using a specially crafted string to cause an out-of-bounds write or consume an overly large amount of resources.CVSS Base Score: 7.5CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111304 for the current scoreCVSS Environmental Score*: UndefinedCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM Network Advisor prior to 14.0.2 and FOS firmware prior to 7.4.1d

Remediation/Fixes

Fixes are contained in the following releases:

Network Advisor 14.0.2

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009621

FOS 7.4.1d

<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003855&gt;

FOS 8.0.1b

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009577

Workarounds and Mitigations

None