SB2018121414 - Multiple vulnerabilities in IBM Tivoli Directory 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018121414

SB2018121414 - Multiple vulnerabilities in IBM Tivoli Directory

Published: December 14, 2018

Security Bulletin ID SB2018121414
Severity
Low
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Information disclosure through timing discrepancy (CVE-ID: CVE-2018-1388)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to disclosure of side channel information via discrepancies between valid and invalid PKCS#1 padding. A remote attacker can gain access to potentially sensitive information.

2) Integer overflow (CVE-ID: CVE-2018-1427)

The vulnerability allows a local unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to IBM GSKit contains several environment variables. A local attacker can cause the service to crash.

3) Use of cryptographically weak PRNG (CVE-ID: CVE-2018-1426)

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists due to IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which can result in duplicate Session IDs and a risk of duplicate key material. A remote attacker can gain access to potentially sensitive information and write arbitrary files.

4) Information disclosure (CVE-ID: CVE-2016-0702)

The vulnerability allows a local attacker to decrypt data passed via encrypted SSL connection.

The vulnerability exists in the MOD_EXP_CTIME_COPY_FROM_PREBUF() function in crypto/bn/bn_exp.c. The application does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts.

The vulnerability was dubbed "CacheBleed".

5) Weak passwords requirements (CVE-ID: CVE-2018-1447)

The vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to the GSKit CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of passwords. A weak password may be recovered. A local attacker can gain access to potentially sensitive information.

Remediation

Install update from vendor's website.

References