Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php vulnerabilities

Summary

Multiple vulnerabilities have been identified in the PHP version embedded in IBM FSM. This fix addresses these vulnerabilities.

Vulnerability Details

CVEID: CVE-2016-7124
DESCRIPTION:
PHP is vulnerable to a denial of service, caused by the improper handling of invalid objects by ext/standard/var_unserializer.c. An attacker could exploit this vulnerability using specially crafted serialized data to cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116959 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-7125
DESCRIPTION:
PHP could allow a remote attacker to execute arbitrary code on the system, caused by the skipping of invalid session names that triggers incorrect parsing by ext/session/session.c. An attacker could exploit this vulnerability using control of a session name to inject and execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116958 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-7126
DESCRIPTION:
PHP is vulnerable to a denial of service, caused by the failure to properly validate the number of colors by the imagetruecolortopalette function. An attacker could exploit this vulnerability using a large value in the third argument to cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116957 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-7127
DESCRIPTION:
PHP is vulnerable to a denial of service, caused by the failure to properly validate gamma values by the imagegammacorrect function. By providing different signs for the second and third arguments, an attacker could exploit this vulnerability to cause an out-of-bounds write.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116956 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-7128
DESCRIPTION:
PHP could allow a remote attacker to obtain sensitive information, caused by the improper handling of the case of a thumbnail offset that exceeds the file size by the exif_process_IFD_in_TIFF function. An attacker could exploit this vulnerability using a specially crafted TIFF image to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116955 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-7129
DESCRIPTION:
PHP is vulnerable to a denial of service, caused by an error in the php_wddx_process_data function. An attacker could exploit this vulnerability using an invalid ISO 8601 time value to cause a segmentation fault.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116954 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-7130
DESCRIPTION:
PHP is vulnerable to a denial of service, caused by a NULL pointer dereference in the php_wddx_pop_element function. An attacker could exploit this vulnerability using an invalid base64 binary value to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116960 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-7131
DESCRIPTION:
PHP is vulnerable to a denial of service, caused by a NULL pointer dereference in ext/wddx/wddx.c. An attacker could exploit this vulnerability using an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116953 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-7132
DESCRIPTION:
PHP is vulnerable to a denial of service, caused by a NULL pointer dereference in ext/wddx/wddx.c. An attacker could exploit this vulnerability using an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116952 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-7411
DESCRIPTION:
PHP could allow a remote or local attacker to execute arbitrary code on the system, caused by a memory corruption error during deserialized object destruction. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116949 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-7413
DESCRIPTION:
PHP could allow a remote or local attacker to execute arbitrary code on the system, caused by a use-after-free in wddx_deserialize(). An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116947 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-7417
DESCRIPTION:
PHP could allow a remote or local attacker to execute arbitrary code on the system, caused by a memory corruption error when unserializing SplArray. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116945 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-7418
DESCRIPTION:
PHP could allow a remote or local attacker to execute arbitrary code on the system, caused by an out-of-bounds memory read in php_wddx_push_element(). An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116948 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Flex System Manager 1.3.4.x
Flex System Manager 1.3.3.x
Flex System Manager 1.3.2.x

Remediation/Fixes

IBM recommends updating the FSM using the instructions referenced in this table.

Product              VRMF     APAR     Remediation
Flex System Manager  1.3.4.x  IT17653  Install fsmfix1.3.4.0_IT17534_IT17536_IT17537_IT17653
Flex System Manager  1.3.3.x  IT17653  Install fsmfix1.3.3.0_IT17534_IT17536_IT17537_IT17653
Flex System Manager  1.3.2.x  IT17653  Install fsmfix1.3.2.0_IT17534_IT17536_IT17537_IT17653

For a complete list of FSM security bulletins refer to this technote: http://www-01.ibm.com/support/docview.wss?uid=nas7797054ebc3d9857486258027006ce4a0&myns=purflex&mync=E&cm_sp=purflex-_-NULL-_-E

For 1.1.x.x, 1.2.x.x, 1.3.0.x and 1.3.1.x IBM recommends upgrading to a fixed, supported version/release of the product.

Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

14 November 2016 : Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document information

More support for: Flex System Manager Node

Version: Version Independent

Operating system(s): Linux

Reference #: T1024488

Modified date: 14 November 2016