Security Bulletin: Vulnerabilities in cURL component shipped with IBM Rational ClearCase (CVE-2017-1000100, CVE-2017-1000254, CVE-2017-1000257)

Published: Jul 10, 2018 - 8:34 a.m. (www.ibm.com)
Summary

IBM Rational ClearCase is affected by cURL/libcURL vulnerabilities.

Vulnerability Details

CVEID: CVE-2017-1000100
DESCRIPTION: cURL could allow a remote attacker to obtain sensitive information, caused by a TFTP URL processing error when doing a TFTP transfer. By redirecting a libcurl-using client request to a TFTP URL containing an overly long file name, an attacker could exploit this vulnerability to send private memory contents and obtain sensitive information.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130190 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2017-1000254
DESCRIPTION: libcurl is vulnerable to a denial of service, caused by a buffer overread in the string parser. By sending a specially-crafted response to a PWD command, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133027 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-1000257
DESCRIPTION: cURL is vulnerable to a denial of service, caused by a buffer overread in the IMAP handler. By using a specially crafted IMAP FETCH response, a remote attacker could exploit this vulnerability to cause the application to crash or obtain sensitive information.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134033 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

Affected Products and Versions

The cURL component is used in the CMI integration, the OSLC-based ClearQuest integration, and in the automatic view client.

ClearCase client version | Status
---|---
9.0.1 through 9.0.1.1 | Affected
9.0 through 9.0.0.5 | Affected
8.0.1 through 8.0.1.15 | Affected
8.0 through 8.0.0.21 | Affected

Remediation/Fixes

The solution is to upgrade to a fix pack of ClearCase that disables the vulnerable configuration in the cURL component.

Affected Versions | Applying the fix
---|---
9.0.1 through 9.0.1.1 | Install Rational ClearCase Fix Pack 2 (9.0.1.2) for 9.0.1
9.0 through 9.0.0.5 | Install Rational ClearCase Fix Pack 6 (9.0.0.6) for 9.0
8.0.1 through 8.0.1.15 | Install Rational ClearCase Fix Pack 16 (8.0.1.16) for 8.0.1
8.0 through 8.0.0.21 | Install Rational ClearCase Fix Pack 16 (8.0.1.16) for 8.0.1

For 7.0, 7.1, and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None