Security Bulletin
Summary
OpenSSH vulnerabilities were disclosed on July 22 , August 10, and October19, 2016 by the OpenSSH Project. OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSH and OpenSSL are used by GPFS V3.5 for Windows. GPFS V3.5 for Windows has addressed the applicable CVEs.
Vulnerability Details
CVEID: CVE-2015-8325
DESCRIPTION: OpenSSH could allow a local attacker to gain elevated privileges on the system, caused by an error in the do_setup_env function when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories. By using an LD_PRELOAD environment variable, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114628 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-6210
DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by the increased amount of time to calculate SHA256/SHA512 hash than BLOWFISH hash. An attacker could exploit this vulnerability using a covert timing channel to enumerate users on system that runs SSHD.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115128 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2016-6515
DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by the failure to limit password lengths for password authentication by the auth_password function. A remote attacker could exploit this vulnerability using an overly long string to consume all available CPU resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115911 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-6302
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to consider the HMAC size during validation of the ticket length by the tls_decrypt_ticket function A remote attacker could exploit this vulnerability using a ticket that is too short to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117024 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-6304
DESCRIPTION: OpenSSL is vulnerable to a denial of service. By repeatedly requesting renegotiation, a remote authenticated attacker could send an overly large OCSP Status Request extension to consume all available memory resources.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117110 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-6303
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in the MDC2_Update function. By using unknown attack vectors, a remote attacker could exploit this vulnerability to trigger an out-of-bounds write and cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117023 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-2182
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds write in the TS_OBJ_print_bio function in crypto/bn/bn_print.c. A remote attacker could exploit this vulnerability using a specially crafted value to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116342 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-2180
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in the TS_OBJ_print_bio function. A remote attacker could exploit this vulnerability using a specially crafted time-stamp file to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115829 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-2177
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the incorrect use of pointer arithmetic for heap-buffer boundary checks. By leveraging unexpected malloc behavior, a remote attacker could exploit this vulnerability to trigger an integer overflow and cause the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113890 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2016-2178
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DSA implementation that allows the following of a non-constant time codepath for certain operations. An attacker could exploit this vulnerability using a cache-timing attack to recover the private DSA key.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113889 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2016-2179
DESCRIPTION: OpenSSL is vulnerable to a denial of service. By sending specially crafted DTLS record fragments to fill up buffer queues, a remote attacker could exploit this vulnerability to open a large number of simultaneous connections and consume all available memory resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116343 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-6306
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by missing message length checks when parsing certificates. A remote authenticated attacker could exploit this vulnerability to trigger an out-of-bounds read and cause a denial of service.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117112 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-2181
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error in the DTLS replay protection implementation. By sending a specially crafted sequence number, a remote attacker could exploit this vulnerability to cause valid packets to be dropped.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116344 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-2183
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the in the Triple-DES on 64-bit block cipher, used as a part of the SSL/TLS protocol. By capturing large amounts of encrypted traffic between the SSL/TLS server and the client, a remote attacker able to conduct a man-in-the-middle attack could exploit this vulnerability to recover the plaintext data and obtain sensitive information. This vulnerability is known as the SWEET32 Birthday attack.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116337 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2016-7052
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a missing CRL sanity check. By attempting to use CRLs, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/117149 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-8858
DESCRIPTION: OpenSSH is vulnerable to a denial of service, caused by an error in the kex_input_kexinit() function. By sending specially crafted data during the key exchange process, a remote attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118127 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
OpenSSH for GPFS V3.5 for Windows
Remediation/Fixes
In GPFS V3.5.0.33, IBM upgraded OpenSSH for GPFS on Windows to 7.3p1 (and patch Revision 1.127) and to use OpenSSL 1.0.2j to address these vulnerabilities. System administrators should update their systems to GPFS V3.5.0.33 by following the steps below.
1. Download the GPFS 3.5.0.33 update package into any directory on your system from http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Cluster%2Bsoftware&product=ibm/power/IBM+General+Parallel+File+System&release=3.5.0&platform=Windows&function=all
2. Extract the contents of the ZIP archive so that the .msi file it includes is directly accessible to your system.
3. Follow the instructions in the README included in the update package in order to install the OpenSSH msi package. This updated OpenSSH 7.3.p1 msi package is built using OpenSSL 1.02j.
If GPFS multiclustering is configured on Windows nodes, upgrade all OpenSSL packages that may have been installed. The following can be done on a small group of nodes at each time (ensuring that quorum is maintained) to maintain file system availability:
a. Stop GPFS on the node
b. Install the version of OpenSSL
c. Restart GPFS on the node
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Change History
3 November 2016: Original version published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
25 June 2021
UID
isg3T1024394