IBM Support

IBM Informix Genero affected by multiple vulnerabilities in OpenSSL (CVE-2012-2131, CVE-2012-2110, CVE-2012-0884, CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-0014, CVE-2010-3864, CVE-2010-0742, CVE-2013-0169, CVE-2013-0166)

News


Abstract


Multiple vulnerabilities exist in the version of OpenSSL used by IBM Genero which may allow attackers to obtain sensitive information via decryption, cause a denial of service via crash or memory corruption or allow for arbitrary code execution.

Content


CVE ID: CVE-2012-2131

DESCRIPTION:
Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110.

CVSS:
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/75099 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)


CVE ID: CVE-2012-2110

DESCRIPTION:
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.

CVSS:
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/74926 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)


CVE ID: CVE-2012-0884

DESCRIPTION:
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/73916 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)


CVE ID: CVE-2011-4108

DESCRIPTION:
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.

CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/72128 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)


CVE ID: CVE-2011-4576

DESCRIPTION:
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.

CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/72130 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)


CVE ID: CVE-2011-4577

DESCRIPTION:
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers.

CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/72131 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)


CVE ID: CVE-2011-4619

DESCRIPTION:
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.

CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/72132 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)


CVE ID: CVE-2011-0014

DESCRIPTION:
ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability."

CVSS:
CVSS Base Score: 5.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/68221 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:P)


CVE ID: CVE-2010-3864

DESCRIPTION:
Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.

CVSS:
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/63293 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)


CVE ID: CVE-2010-0742

DESCRIPTION:
The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.

CVSS:
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/59039 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)


CVE ID: CVE-2013-0169

DESCRIPTION:
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81902 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)


CVE ID: CVE-2013-0166

DESCRIPTION:
OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.

CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81904 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)


AFFECTED PRODUCTS:
IBM Informix Genero 2.32, 2.40, and 2.41

REMEDIATION:
Upgrade to the latest fixpack for the products.

Fix(es):
The fix is available in these versions at Fix Central:

IBM Informix Genero gdc-2.41.02-build4635.425-patch1 or later
IBM Informix Genero gdev-2.41.34-build121743-patch1 or later
IBM Informix Genero grun-2.41.34-build121743-patch1 or later

Workaround(s): None known.

Mitigation(s): None known.


REFERENCES:

  • Complete CVSS Guide
  • On-line Calculator V2
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2131
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0884
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4577
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0014
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0742
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
  • http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/75099
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/74926
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/73916
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/72128
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/72130
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/72131
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/72132
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/68221
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/63293
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/59039
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/81904
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/81902



  • RELATED INFORMATION:
  • IBM Secure Engineering Web Portal
  • IBM Product Security Incident Response Blog



  • CHANGE HISTORY: 2013-05-23 Original version published.

    *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

    Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

    [{"Product":{"code":"SSVT2J","label":"Informix Tools"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Informix Genero","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF022","label":"OS X"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"2.4","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

    Document Information

    Modified date:
    25 September 2022

    UID

    swg21638022