#VU12311 Use of cryptographically weak PRNG in IBM DB2


Vulnerability identifier: #VU12311

Vulnerability risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1426

CWE-ID: CWE-338

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM DB2
Server applications / Database software

Vendor: IBM Corporation

Description
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists due to IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which can result in duplicate Session IDs and a risk of duplicate key material. A remote attacker can gain access to potentially sensitive information and write arbitrary files.

Mitigation
Install update from vendor's website.

Vulnerable software versions

IBM DB2: 9.7.0.0, 10.1.0.0, 10.5.0.0, 11.1.0.0

External links
http://exchange.xforce.ibmcloud.com/vulnerabilities/139071

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Tivoli Directory
Multiple vulnerabilities in IBM Cognos Analytics
Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition
Multiple vulnerabilities in IBM Planning Analytics Local
Multiple vulnerabilities in IBM Algo One Core
Multiple vulnerabilities in IBM MQ
Multiple vulnerabilities in IBM Security Network Protection
Multiple vulnerabilities in IBM Cognos Controller