Installing the interim fix for CVE-2013-2970

Fix readme


Abstract

A vulnerability has been discovered with IBM QRadar SIEM software where an authenticated user can run particular operating system commands on the QRadar Console, which can provide a user limited remote shell access. To resolve this vulnerability, QRadar administrators must install a fix to your QRadar Console. This fix applies to QRadar SIEM Consoles, QRadar Log Manager Consoles or QRadar Network Anomaly Detection Consoles. For more information on this vulnerability, see the security bulletin at http://www.ibm.com/support/docview.wss?uid=swg21639309.
This interim fix can be applied to QRadar 7.0.x and 7.1.x installations.

Content


Symptom:
This interim fix must be installed to the Console in your QRadar deployment to address the vulnerability CVE-2013-2970.


Resolving the problem:
You can resolve this vulnerability by applying the vulnerability CVE-2013-2970 fix to your QRadar Console.

Procedure:

  1. Log in to IBM Support to download FixID 7.0.0-QRadar-QRSCRIPT-CVE-2013-2970.sh.gz.
  2. Copy the fix to a directory on your QRadar Console.
  3. Using SSH, log in to your QRadar Console as the root user.
  4. Navigate to the directory containing the fix.
  5. Type the following command to extract the script file: gunzip CVE-2013-2970.sh.gz
  6. Type the following command to apply the fix to your Console: sh CVE-2013-2970.sh
  7. Follow the on-screen instructions to complete the installation.

Related information

CVE-2013-2970

Cross reference information
Segment Product Component Platform Version Edition
Security IBM Security QRadar Log Manager
Security IBM Security QRadar Network Anomaly Detection

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Security QRadar SIEM
Admin Console

Software version:

7.0, 7.1

Operating system(s):

Linux

Reference #:

1639552

Modified date:

2013-12-18

Translate my page

Machine Translation

Content navigation