SB2016050804 - Multiple vulnerabilities in IBM SAN Volume Controller and Storwize Family
Published: May 8, 2016 Updated: July 18, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2015-7181)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the sec_asn1d_parse_leaf() function in Mozilla Network Security Services (NSS). A remote attacker can create a pass crafted OCTET STRING data to the application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Buffer overflow (CVE-ID: CVE-2015-7182)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within ASN.1 decoder in Mozilla Network Security Services (NSS). A remote attacker can create a pass crafted OCTET STRING data to the application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Buffer overflow (CVE-ID: CVE-2015-7183)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Remediation
Install update from vendor's website.