Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMBB62CC885EB373969FEA1063483057EA9132ED89EA846030CCFC060356234027
HistoryJan 31, 2019 - 2:25 a.m.

Security Bulletin: Vulnerabilities in PHP affect IBM Chassis Management Module (CVE-2017-9227, CVE-2017-9226, CVE-2017-9224)

2019-01-3102:25:02
www.ibm.com
12

0.005 Low

EPSS

Percentile

76.8%

JSON

Summary

IBM Chassis Management Module has addressed the following vulnerabilities in PHP.

Vulnerability Details

Summary

IBM Chassis Management Module has addressed the following vulnerabilities in PHP.

Vulnerability Details:

CVEID: CVE-2017-9227

Description: Oniguruma is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by mbc_enc_len(). By using a specially-crafted regular expression, a remote attacker could overflow a buffer and execute arbitrary code or cause the application to crash.

CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127148&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-9226

Description: Oniguruma is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by next_state_val(). By using a specially-crafted regular expression, a remote attacker could overflow a buffer and execute arbitrary code or cause the application to crash.

CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127147&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-9224

Description: Oniguruma is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by match_at(). A remote attacker could overflow a buffer and execute arbitrary code or cause the application to crash.

CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127145 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Product Version
IBM Flex System Chassis Management Module (CMM) 2PET

Remediation/Fixes:

Firmware fix versions are available on Fix Central:
<http://www.ibm.com/support/fixcentral/&gt;.

Product Fix Version
IBM Flex System Chassis Management Module (CMM)
(ibm_fw_cmm_2pet14k-2.5.10k_anyos_noarch) 2PET14K-2.5.10k

Workaround(s) & Mitigation(s):

None

References:

Related Information:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Lenovo Product Security Advisories

Acknowledgement

None

Change History
13 November 2017: Original Copy Published

  • The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Related

ibm 2
nessus 48
openvas 24
freebsd 1
osv 4
slackware 1
fedora 7
amazon 7
hackerone 1
debian 1
mageia 1
altlinux 1
cvelist 3
debiancve 3
alpinelinux 3
checkpoint_advisories 1
prion 3
ubuntucve 3
cve 3
veracode 4
redhatcve 3
nvd 3
f5 4
ubuntu 2
photon 1
redhat 1
rosalinux 2
cloudlinux 1
ibm
ibm
Security Bulletin: Vulnerabilities in php53 affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-9227, CVE-2017-9226, CVE-2017-9224)
2023-04-14 14:32:25
Security Bulletin: Multiple vulnerabilities in php5 affect IBM Flex System Manager (FSM) (CVE-2017-9227, CVE-2017-9226 CVE-2017-9224)
2018-06-18 01:38:12
nessus
nessus
SUSE SLES12 Security Update : php5 (SUSE-SU-2017:1662-1)
2019-01-02 00:00:00
FreeBSD : oniguruma -- multiple vulnerabilities (b396cf6c-62e6-11e7-9def-b499baebfeaf)
2017-07-10 00:00:00
openSUSE Security Update : php5 (openSUSE-2017-764)
2017-07-05 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-2403)
2020-01-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1662-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1585-1)
2021-06-09 00:00:00
freebsd
freebsd
oniguruma -- multiple vulnerabilities
2017-07-06 00:00:00
osv
osv
libonig - security update
2017-05-28 00:00:00
CVE-2017-9227
2017-05-24 15:29:00
CVE-2017-9224
2017-05-24 15:29:00
slackware
slackware
[slackware-security] php
2017-07-08 00:39:45
fedora
fedora
[SECURITY] Fedora 25 Update: php-7.0.21-1.fc25
2017-07-13 19:20:35
[SECURITY] Fedora 24 Update: php-5.6.31-1.fc24
2017-07-19 01:49:32
[SECURITY] Fedora 24 Update: oniguruma-5.9.6-4.fc24
2017-06-10 10:23:48
amazon
amazon
Medium: php56
2017-08-17 18:16:00
Medium: php70
2017-08-03 20:38:00
Important: oniguruma
2023-10-12 15:09:00
hackerone
hackerone
Internet Bug Bounty: PHP mbstring / Oniguruma multiple remote heap/stack corruptions
2017-06-08 06:55:30
debian
debian
[SECURITY] [DLA 958-1] libonig security update
2017-05-28 13:46:37
mageia
mageia
Updated php and libgd packages fix security vulnerabilities
2017-08-08 01:16:24
altlinux
altlinux
Security fix for the ALT Linux 8 package oniguruma version 6.4.0-alt1
2017-07-12 00:00:00
cvelist
cvelist
CVE-2017-9227
2017-05-24 15:00:00
CVE-2017-9226
2017-05-24 15:00:00
CVE-2017-9224
2017-05-24 15:00:00
debiancve
debiancve
CVE-2017-9226
2017-05-24 15:29:00
CVE-2017-9227
2017-05-24 15:29:00
CVE-2017-9224
2017-05-24 15:29:00
alpinelinux
alpinelinux
CVE-2017-9224
2017-05-24 15:29:00
CVE-2017-9226
2017-05-24 15:29:00
CVE-2017-9227
2017-05-24 15:29:00
checkpoint_advisories
checkpoint_advisories
Oniguruma Project Memory Corruption (CVE-2017-9226)
2020-09-24 00:00:00
prion
prion
Heap overflow
2017-05-24 15:29:00
Stack overflow
2017-05-24 15:29:00
Stack overflow
2017-05-24 15:29:00
ubuntucve
ubuntucve
CVE-2017-9227
2017-05-24 00:00:00
CVE-2017-9226
2017-05-24 00:00:00
CVE-2017-9224
2017-05-24 00:00:00
cve
cve
CVE-2017-9227
2017-05-24 15:29:00
CVE-2017-9226
2017-05-24 15:29:00
CVE-2017-9224
2017-05-24 15:29:00
veracode
veracode
Out-Of-Bounds Read
2019-05-16 02:59:59
Out-Of-Bounds Read
2019-05-16 02:59:59
Out-of-Bounds Write
2019-05-16 02:59:59
redhatcve
redhatcve
CVE-2017-9226
2017-06-30 11:21:15
CVE-2017-9224
2019-11-04 04:16:58
CVE-2017-9227
2017-06-30 11:21:32
nvd
nvd
CVE-2017-9226
2017-05-24 15:29:00
CVE-2017-9227
2017-05-24 15:29:00
CVE-2017-9224
2017-05-24 15:29:00
f5
f5
K34551175 : PHP vulnerability CVE-2017-9224
2017-07-21 00:00:00
K61164061 : PHP vulnerability CVE-2017-9227
2017-07-24 00:00:00
K01709026 : PHP vulnerabilities CVE-2017-7890 and CVE-2017-9226
2017-08-07 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2017-12-18 00:00:00
PHP vulnerabilities
2017-08-10 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0021
2017-06-22 00:00:00
redhat
redhat
(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update
2018-05-03 03:21:11
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00

0.005 Low

EPSS

Percentile

76.8%

JSON
Related for BB62CC885EB373969FEA1063483057EA9132ED89EA846030CCFC060356234027
ibm2nessus48openvas24freebsd1osv4slackware1fedora7amazon7hackerone1debian1mageia1altlinux1cvelist3debiancve3alpinelinux3checkpoint_advisories1prion3ubuntucve3cve3veracode4redhatcve3nvd3f54ubuntu2photon1redhat1rosalinux2cloudlinux1