Security Bulletin
Summary
PHP is vulnerable to a denial of service, caused by a buffer over-read in the unserializer (ext/standard/var_unserializer.c). By supplying specially-crafted serialized data, an attacker could exploit this vulnerability to cause the application to crash.
IBM Tealeaf Customer Experience PCA could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security
Vulnerability Details
CVEID: CVE-2016-10161
DESCRIPTION: PHP is vulnerable to a denial of service, caused by a buffer over-read in the object_common1 function in ext/standard/var_unserializer.c. By supplying specially-crafted serialized data, an attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/121892 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-2983
DESCRIPTION: IBM Tealeaf Customer Experience could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113999 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Products and Versions
IBM Tealeaf Customer Experience v8.7, v8.8 and v9.0.2
Remediation/Fixes
Workarounds and Mitigations
None
References
Change History
21 July 2017 - Initial version
*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Information
Modified date:
16 June 2018
UID
swg22006393