Multiple vulnerabilities in SAN Volume Controller and Storwize Family
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2015-6563 CVE-2015-6564 |
| CWE-ID | CWE-20 CWE-416 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
IBM SAN Volume Controller Hardware solutions / Other hardware appliances IBM Storwize V3500 Hardware solutions / Other hardware appliances IBM Storwize V3700 Hardware solutions / Other hardware appliances IBM Storwize V5000 Hardware solutions / Other hardware appliances IBM Storwize V7000 Hardware solutions / Other hardware appliances |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU33998
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-6563
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to impersonate other users on the system.
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM SAN Volume Controller: before 7.6.1.5
IBM Storwize V3500: before 7.6.1.5
IBM Storwize V3700: before 7.6.1.5
IBM Storwize V5000: before 7.6.1.5
IBM Storwize V7000: before 7.6.1.5
CPE2.3- cpe:2.3:h:ibm_corporation:ibm_san_volume_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3500:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3700:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v7000:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/696165
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after free
EUVDB-ID: #VU1482
Risk: Low
CVSSv4.0: 9.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/U:Clear]
CVE-ID: CVE-2015-6564
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use after free error within the mm_answer_pam_free_ctx() function in monitor.c in sshd daemon on non-OpenBSD platforms. A local unprivileged user can send an unexpected early MONITOR_REQ_PAM_FREE_CTX request and gain root privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM SAN Volume Controller: before 7.6.1.5
IBM Storwize V3500: before 7.6.1.5
IBM Storwize V3700: before 7.6.1.5
IBM Storwize V5000: before 7.6.1.5
IBM Storwize V7000: before 7.6.1.5
CPE2.3- cpe:2.3:h:ibm_corporation:ibm_san_volume_controller:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3500:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3700:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v7000:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/696165
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
