A security vulnerability has been identified in openssh that is contained in the IBM Flex System Manager (FSM). This bulletin addresses the vulnerability.
CVEID: CVE-2015-5600**
DESCRIPTION:** OpenSSH could allow a local attacker to obtain sensitive information, caused by an error in the keyboard-interactive authentication mechanism that allows successive authentications that exceed the MaxAuthTries setting. An attacker could exploit this vulnerability using brute-force techniques to crack the victim’s password.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104877 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Flex System Manager 1.3.4.x
Flex System Manager 1.3.3.x
Flex System Manager 1.3.2.x
Flex System Manager 1.3.1.x
Flex System Manager 1.3.0.x
Flex System Manager 1.2.x.x
Flex System Manager 1.1.x.x
IBM recommends updating the FSM using the instructions referenced in this table.
Warning: Agents older than version 6.3.5 must be updated using the Technote listed in these Remediation plans before this FSM fix is installed or you will permanently lose contact with the endpoint with agents older than version 6.3.5
Product | VRMF | APAR | Remediation |
---|---|---|---|
Flex System Manager | 1.3.4.x | IT12081 | Verify the required Java updates have been completed, then install fsmfix1.3.4.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602 |
Instructions for verifying installation of the Java updates can be found in the “Confirm the fixes were applied properly” section of Technote 761981453.
Flex System Manager| 1.3.3.x| IT12081| Verify the required Java updates have been completed, then install fsmfix1.3.3.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602
Instructions for verifying installation of the Java updates can be found in the “Confirm the fixes were applied properly” section of Technote 736218441.
Flex System Manager| 1.3.2.x| IT12081| Verify the required Java updates have been completed, then install fsmfix1.3.2.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602
Instructions for verifying installation of the Java updates can be found in the “Confirm the fixes were applied properly” section of Technote 736218441.
Flex System Manager| 1.3.1.x| IT12081| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities.
Flex System Manager| 1.3.0.x| IT12081| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities.
Flex System Manager| 1.2.x.x| IT12081| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities.
Flex System Manager| 1.1.x.x| IT12081| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities.
None