Multiple vulnerabilities in Lenovo SAN Volume Controller and Storwize Family
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2014-3505 CVE-2014-3506 CVE-2014-3507 CVE-2014-3508 CVE-2014-3509 CVE-2014-3510 CVE-2014-3511 CVE-2014-0094 |
| CWE-ID | CWE-20 CWE-399 CWE-401 CWE-200 CWE-362 CWE-264 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #8 is being exploited in the wild. |
| Vulnerable software |
IBM Storwize V7000 Hardware solutions / Other hardware appliances IBM Storwize V5000 Hardware solutions / Other hardware appliances IBM Storwize V3700 Hardware solutions / Other hardware appliances IBM Storwize V3500 Hardware solutions / Other hardware appliances |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU41407
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-3505
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Storwize V7000: before 7.2.0.9
IBM Storwize V5000: before 7.2.0.9
IBM Storwize V3700: before 7.2.0.9
IBM Storwize V3500: before 7.2.0.9
CPE2.3- cpe:2.3:h:ibm_corporation:ibm_storwize_v7000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3700:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3500:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/865960
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU41408
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-3506
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Storwize V7000: before 7.2.0.9
IBM Storwize V5000: before 7.2.0.9
IBM Storwize V3700: before 7.2.0.9
IBM Storwize V3500: before 7.2.0.9
CPE2.3- cpe:2.3:h:ibm_corporation:ibm_storwize_v7000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3700:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3500:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/865960
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU41409
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-3507
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function. A remote attacker can perform a denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Storwize V7000: before 7.2.0.9
IBM Storwize V5000: before 7.2.0.9
IBM Storwize V3700: before 7.2.0.9
IBM Storwize V3500: before 7.2.0.9
CPE2.3- cpe:2.3:h:ibm_corporation:ibm_storwize_v7000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3700:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3500:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/865960
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU41410
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-3508
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '�' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Storwize V7000: before 7.2.0.9
IBM Storwize V5000: before 7.2.0.9
IBM Storwize V3700: before 7.2.0.9
IBM Storwize V3500: before 7.2.0.9
CPE2.3- cpe:2.3:h:ibm_corporation:ibm_storwize_v7000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3700:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3500:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/865960
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Race condition
EUVDB-ID: #VU41411
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-3509
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Storwize V7000: before 7.2.0.9
IBM Storwize V5000: before 7.2.0.9
IBM Storwize V3700: before 7.2.0.9
IBM Storwize V3500: before 7.2.0.9
CPE2.3- cpe:2.3:h:ibm_corporation:ibm_storwize_v7000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3700:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3500:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/865960
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU41412
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-3510
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows remote DTLS servers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Storwize V7000: before 7.2.0.9
IBM Storwize V5000: before 7.2.0.9
IBM Storwize V3700: before 7.2.0.9
IBM Storwize V3500: before 7.2.0.9
CPE2.3- cpe:2.3:h:ibm_corporation:ibm_storwize_v7000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3700:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3500:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/865960
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU41413
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-3511
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Storwize V7000: before 7.2.0.9
IBM Storwize V5000: before 7.2.0.9
IBM Storwize V3700: before 7.2.0.9
IBM Storwize V3500: before 7.2.0.9
CPE2.3- cpe:2.3:h:ibm_corporation:ibm_storwize_v7000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3700:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3500:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/865960
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Security bypass
EUVDB-ID: #VU5234
Risk: Critical
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2014-0094
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass security restsrictions on the target system.
The weakness exists due to an error in ParametersInterceptor. A remote attacker can use a specially crafted class parameter to manipulate the ClassLoader used by the application server.
Successful exploitation of the vulnerability results in security bypass on the vulnerable system.
Note: the vulnerability was being actively exploited.
Install update from vendor's website.
Vulnerable software versionsIBM Storwize V7000: before 7.2.0.9
IBM Storwize V5000: before 7.2.0.9
IBM Storwize V3700: before 7.2.0.9
IBM Storwize V3500: before 7.2.0.9
CPE2.3- cpe:2.3:h:ibm_corporation:ibm_storwize_v7000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v5000:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3700:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm_corporation:ibm_storwize_v3500:*:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/865960
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
