SB2018042490 - Multiple vulnerabilities in IBM Integrated Management Module II (IMM2)
Published: April 24, 2018 Updated: February 18, 2025
Security Bulletin ID
SB2018042490
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2018-5733)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in the dhcpd due to improper handling of reference counting when processing client requests. A remote attacker can send large amounts of data to the target server can send a large number of packets, trigger a reference counter overflow and cause the target dhcpd service to consume all available memory and crash.
2) Resource exhaustion (CVE-ID: CVE-2017-3144)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to improper cleaning up of closed OMAPI connections. A remote attacker who is permitted to establish connections to the OMAPI control port can trigger exhaustion of the pool of socket descriptors available to the DHCP server and cause the service to crash.
Remediation
Install update from vendor's website.