IBM Support

IBM XIV Storage System (MTM 2810-A14, 2812-A14) - weak key used in XIV OpenSSL certificate

Flashes (Alerts)


Abstract

On IBM XIV Storage System (MTM 2810-A14, 2812-A14) running code level 10.2.4.b or lower, the certificate used for the SSL and SSH administration interfaces contains a weak key.

Content

VULNERABILITY DETAILS

CVE ID: CVE-2008-0166

DESCRIPTION:


In systems with the affected code levels, the key used in the OpenSSL certificate was generated on a system exposed to the Debian weak key generation problem, in which the random number generator used to create the key produces predictable numbers.
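Because keys produced by the affected generator come from a small, enumerable set, a certificate can be checked against a list of known weak-key fingerprints. The following is an added example, not IBM code or tooling: it extracts the RSA modulus from a DER certificate and looks it up in a blocklist. The blocklist format (last 20 hex characters of the SHA-1 of OpenSSL's `Modulus=` output line, as in Debian's openssl-blacklist package) is an assumption, and the function names and sample bytes are constructed for illustration.

```python
import hashlib

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption (1.2.840.113549.1.1.1)
# Constructed DER skeleton shaped like a certificate; its 32-bit modulus is not a real key.
SAMPLE_CERT = bytes.fromhex(
    "30393032a0030201020201013000300030003000" "3020300d06092a864886f70d0101010500"
    "030f00300c020500c53d7f910203010001" "3000030100")

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def children(buf, start, end):
    """List the (tag, value_start, value_end) elements inside a constructed value."""
    out = []
    while start < end:
        tag, s, e = read_tlv(buf, start)
        out.append((tag, s, e))
        start = e
    return out

def rsa_modulus(cert_der):
    """Extract the RSA modulus (as int) from a DER-encoded X.509 certificate."""
    _, s, e = read_tlv(cert_der, 0)                     # Certificate
    _, s, e = children(cert_der, s, e)[0]               # tbsCertificate
    fields = children(cert_der, s, e)
    fields = fields[1:] if fields[0][0] == 0xA0 else fields  # optional [0] version
    _, s, e = fields[5]                                 # subjectPublicKeyInfo
    (_, a_s, a_e), (_, b_s, _) = children(cert_der, s, e)
    _, o_s, o_e = children(cert_der, a_s, a_e)[0]       # algorithm OID
    if cert_der[o_s:o_e] != RSA_OID:
        raise ValueError("not an RSA key")
    _, s, e = read_tlv(cert_der, b_s + 1)               # skip BIT STRING unused-bits byte
    _, s, e = children(cert_der, s, e)[0]               # modulus INTEGER
    return int.from_bytes(cert_der[s:e], "big")

def weak_key_fingerprint(modulus):
    """Assumed blocklist format: last 20 hex chars of SHA-1 of the 'Modulus=<HEX>' line."""
    return hashlib.sha1(("Modulus=%X\n" % modulus).encode()).hexdigest()[20:]

def is_blocklisted(cert_der, blocklist_lines):
    entries = {l.strip() for l in blocklist_lines if l.strip() and not l.startswith("#")}
    return weak_key_fingerprint(rsa_modulus(cert_der)) in entries
```

The DER bytes of a live certificate can be obtained with Python's `ssl.get_server_certificate` followed by `ssl.PEM_cert_to_DER_cert`. A miss only means the key is not on the list supplied, which may not cover every key size.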

CVSS:
CVSS Base Score: 7.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/42375 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)




AFFECTED PLATFORMS:


IBM XIV Storage System (MTM 2810-A14, 2812-A14) running code levels below 10.2.4.c


REMEDIATION:


Upgrade code.


Vendor Fix(es):


Upgrade the code to level 10.2.4.c or higher.

Contact your Technical Advisor or other IBM support representative for additional information.




Workaround:


None


Mitigation(s):


None

REFERENCES:


· Complete CVSS Guide
· On-line Calculator V2
· X-Force Vulnerability Database
· CVE-2008-0166

RELATED INFORMATION:


· IBM Secure Engineering Web Portal
· IBM Product Security Incident Response Blog


Document Information

Modified date:
25 September 2022

UID

ssg1S1004216