Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD81188C25A020810F359292BDCB7E8649A6E532227B19A89FF9C9B287580BB23
HistoryJun 18, 2018 - 1:35 a.m.

Security Bulletin: IBM Flex System Manager (FSM) is affected by php5 vulnerabilities (CVE-2016-9933, CVE-2016-9935)

2018-06-1801:35:18
www.ibm.com
13

0.136 Low

EPSS

Percentile

95.6%

JSON

Summary

Multiple security vulnerabilities have been identified in php5 that is embedded in IBM FSM. This bulletin addresses these issues.

Vulnerability Details

CVEID: CVE-2016-9933**
DESCRIPTION:** GD Graphics Library (libgd) as used in PHP is vulnerable to a denial of service, caused by a stack consumption vulnerability in gdImageFillToBorder function in gd.c. An attacker could exploit this vulnerability using specially-crafted imagefilltoborder calls to cause a segmentation fault.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120376 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-9935**
DESCRIPTION:** PHP vulnerable to a denial of service, caused by an out-of-bounds read and memory error in php_wddx_push_element function in ext/wddx/wddx.c. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120374 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Flex System Manager 1.3.4.0
Flex System Manager 1.3.3.0
Flex System Manager 1.3.2.1
Flex System Manager 1.3.2.0

Remediation/Fixes

IBM recommends updating the FSM using the instructions referenced in this table.

Product |

VRMF |

Remediation
—|—|—

Flex System Manager |

1.3.4.0 |

Install fsmfix1.3.4.0_IT19262_IT19315_IT19320

Flex System Manager |

1.3.3.0 |

Install fsmfix1.3.3.0_IT19262_IT19315_IT19320

Flex System Manager |

1.3.2.1
1.3.2.0 |

Install fsmfix1.3.2.0_IT19262_IT19315_IT19320

For all VRMF not listed in this table, IBM recommends upgrading to a fixed and supported version/release of the product.

For a complete list of FSM security bulletins refer to this technote: http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex--NULL--E

Workarounds and Mitigations

None

CPENameOperatorVersion
flex system manager nodeeqany

Related

nessus 56
openvas 35
slackware 1
prion 2
cve 2
amazon 2
osv 5
cvelist 2
veracode 3
ubuntucve 2
redhatcve 2
debian 8
debiancve 2
nvd 2
kaspersky 2
mageia 1
freebsd 1
archlinux 1
gentoo 1
cloudfoundry 2
ubuntu 4
apple 4
fortinet 1
redhat 1
rosalinux 1
nessus
nessus
openSUSE Security Update : php5 (openSUSE-2017-62)
2017-01-10 00:00:00
Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-347-03)
2016-12-13 00:00:00
SUSE SLES12 Security Update : php5 (SUSE-SU-2017:0038-1)
2019-01-02 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2016-347-03)
2022-04-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:0038-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:0109-1)
2021-06-09 00:00:00
slackware
slackware
[slackware-security] php
2016-12-12 23:11:02
prion
prion
Stack overflow
2017-01-04 20:59:00
Out-of-bounds
2017-01-04 20:59:00
cve
cve
CVE-2016-9933
2017-01-04 20:59:00
CVE-2016-9935
2017-01-04 20:59:00
amazon
amazon
Medium: php56
2017-01-26 18:00:00
Medium: php70
2017-01-26 18:00:00
osv
osv
CVE-2016-9933
2017-01-04 20:59:00
libgd2 - security update
2017-01-01 00:00:00
libgd2 - security update
2016-12-22 00:00:00
cvelist
cvelist
CVE-2016-9933
2017-01-04 20:00:00
CVE-2016-9935
2017-01-04 20:00:00
veracode
veracode
Denial Of Service (DoS) Through Memory Corruption
2019-05-16 02:59:58
Out-Of-Bounds Read
2019-05-16 02:59:58
Use After Free
2019-05-16 02:59:58
ubuntucve
ubuntucve
CVE-2016-9933
2017-01-04 00:00:00
CVE-2016-9935
2017-01-04 00:00:00
redhatcve
redhatcve
CVE-2016-9933
2016-12-14 14:17:37
CVE-2016-9935
2016-12-14 14:17:24
debian
debian
[SECURITY] [DLA 758-1] libgd2 security update
2016-12-22 15:05:17
[SECURITY] [DSA 3751-1] libgd2 security update
2017-01-01 17:12:19
[SECURITY] [DSA 3751-1] libgd2 security update
2017-01-01 17:12:19
debiancve
debiancve
CVE-2016-9933
2017-01-04 20:59:00
CVE-2016-9935
2017-01-04 20:59:00
nvd
nvd
CVE-2016-9933
2017-01-04 20:59:00
CVE-2016-9935
2017-01-04 20:59:00
kaspersky
kaspersky
KLA10930 Denial of service vulnerability in PHP
2017-01-04 00:00:00
KLA10927 Denial of service vulnerabilities in PHP
2017-01-04 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2016-12-23 00:41:01
freebsd
freebsd
PHP -- multiple vulnerabilities
2016-12-08 00:00:00
archlinux
archlinux
[ASA-201701-28] php: multiple issues
2017-01-19 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2017-02-21 00:00:00
cloudfoundry
cloudfoundry
USN-3213-1: GD library vulnerabilities | Cloud Foundry
2017-03-31 00:00:00
Multiple PHP vulnerabilities | Cloud Foundry
2017-03-17 00:00:00
ubuntu
ubuntu
GD library vulnerabilities
2017-02-28 00:00:00
PHP vulnerabilities
2017-02-14 00:00:00
PHP vulnerabilities
2017-02-23 00:00:00
apple
apple
About the security content of macOS Sierra 10.12.3 - Apple Support
2017-03-28 11:17:25
About the security content of macOS Sierra 10.12.3
2017-01-23 00:00:00
About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite - Apple Support
2017-08-29 02:52:03
fortinet
fortinet
LibGD security advisory [18 January 2017]
2017-07-26 00:00:00
redhat
redhat
(RHSA-2018:1296) Moderate: rh-php70-php security, bug fix, and enhancement update
2018-05-03 03:21:11
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45

0.136 Low

EPSS

Percentile

95.6%

JSON
Related for D81188C25A020810F359292BDCB7E8649A6E532227B19A89FF9C9B287580BB23
nessus56openvas35slackware1prion2cve2amazon2osv5cvelist2veracode3ubuntucve2redhatcve2debian8debiancve2nvd2kaspersky2mageia1freebsd1archlinux1gentoo1cloudfoundry2ubuntu4apple4fortinet1redhat1rosalinux1