IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities

high Nessus Plugin ID 84401

Synopsis

The remote IBM Storwize device is affected by multiple vulnerabilities.

Description

The remote IBM Storwize device is running a version that is 1.3.x or 1.4.x prior to 1.4.3.4, or 1.5.x prior to 1.5.0.2. It is, therefore, affected by multiple vulnerabilities:

- A denial of service vulnerability exists due to a flaw in the bundled version of Apache HTTP Server. A remote attacker can exploit this, via partial HTTP requests, to cause a daemon outage, resulting in a denial of service condition. (CVE-2007-6750)

- An HTTP request smuggling vulnerability exists due to a flaw in the bundled version of Apache Tomcat; when an HTTP connector or AJP connector is used, Tomcat fails to properly handle certain inconsistent HTTP request headers. A remote attacker can exploit this, via multiple Content-Length headers or a Content-Length header combined with a 'Transfer-Encoding: chunked' header, to make Tomcat misidentify where a request ends and smuggle a second request through the same connection. (CVE-2013-4286)

- A denial of service vulnerability exists in the bundled version of Apache Tomcat due to improper processing of chunked transfer coding with a large amount of chunked data or whitespace characters in an HTTP header value within a trailer field. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2013-4322)

- A denial of service vulnerability exists due to a flaw in the bundled version of Apache Tomcat; an integer overflow condition exists in the parseChunkHeader() function in ChunkedInputFilter.java. A remote attacker can exploit this, via a malformed chunk size that is part of a chunked request, to cause excessive consumption of resources, resulting in a denial of service condition. (CVE-2014-0075)

- A remote code execution vulnerability exists due to a flaw in the bundled version of Apache Struts. A remote attacker can manipulate the ClassLoader via the class parameter, resulting in the execution of arbitrary Java code. (CVE-2014-0094)

- An XML External Entity (XXE) injection vulnerability exists due to a flaw in the bundled version of Apache Tomcat; an incorrectly configured XML parser accepts XML external entities from an untrusted source via XSLT. A remote attacker can exploit this, by sending specially crafted XML data, to gain access to arbitrary files. (CVE-2014-0096)

- An integer overflow condition exists in the Content-Length header parsing of the bundled version of Apache Tomcat. When Tomcat is operated behind a reverse proxy, a remote attacker can exploit this, via a crafted Content-Length HTTP header, to conduct HTTP request smuggling attacks. (CVE-2014-0099)

- An information disclosure vulnerability exists due to a flaw in the bundled version of Apache Tomcat. Tomcat fails to properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet. A remote attacker can exploit this, via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, to read arbitrary files. (CVE-2014-0119)

- An information disclosure vulnerability exists in the bundled version of Samba due to a flaw in the vfswrap_fsctl() function that is triggered when responding to FSCTL_GET_SHADOW_COPY_DATA or FSCTL_SRV_ENUMERATE_SNAPSHOTS client requests. An authenticated, remote attacker can exploit this, via a specially crafted request, to disclose sensitive information from uninitialized process memory. (CVE-2014-0178)

- Multiple flaws exist in the bundled version of Mozilla Firefox that allow a remote attacker to execute arbitrary code. (CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)

- An information disclosure vulnerability exists due to the chkauth password being saved in plaintext in the audit log. A local attacker can exploit this to gain administrator access. (CVE-2014-3077)

- A denial of service vulnerability exists due to a flaw in the bundled version of Samba. An authenticated, remote attacker can exploit this, via an attempt to read a Unicode pathname without specifying the use of Unicode, to cause an application crash. (CVE-2014-3493)

- A security bypass vulnerability exists due to an unspecified flaw. A remote attacker can exploit this flaw to reset the administrator password to its default value via a direct request to the administrative IP address. Note that this vulnerability only affects the 1.4.x release levels. (CVE-2014-4811)
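The Tomcat items above (CVE-2013-4286, CVE-2014-0075, CVE-2013-4322 and CVE-2014-0099) are all failures to pin down where one request body ends. The following is an added example, not code from this plugin or from Apache Tomcat: a small strict request-framing layer in Python that refuses the ambiguous or oversized length signals those CVEs abuse. The limits, function names and sample requests are assumptions constructed for the demonstration.

```python
# Added example (not Tenable's plugin or Apache Tomcat code): a strict HTTP/1.1
# request-framing layer that refuses the ambiguous or oversized length signals
# behind the Tomcat items above. Limits are assumptions chosen for the demo.
import re

MAX_CONTENT_LENGTH = (1 << 63) - 1  # signed 64-bit long (CVE-2014-0099 class)
MAX_CHUNK_SIZE = (1 << 31) - 1      # signed 32-bit int (CVE-2014-0075 class)
MAX_TRAILER_BYTES = 8192            # trailer lines incl. padding (CVE-2013-4322 class)

class FramingError(ValueError):
    """Body length is ambiguous, malformed or over a limit."""

def parse_head(raw):
    """Split a raw request into (request_line, [(name, value)...], rest). Duplicate
    headers are kept so the caller can reject repeats instead of picking one."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise FramingError("incomplete header block")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise FramingError("malformed header line %r" % line)
        headers.append((name.strip().lower().decode("latin-1"), value.strip().decode("latin-1")))
    return lines[0].decode("latin-1"), headers, rest

def body_framing(headers):
    """Return ("chunked", None), ("length", n) or ("none", 0); reject conflicting signals."""
    cls = [v for n, v in headers if n == "content-length"]
    tes = [v for n, v in headers if n == "transfer-encoding"]
    if cls and tes:
        raise FramingError("Content-Length and Transfer-Encoding both present")  # CVE-2013-4286 class
    if tes:
        codings = [c.strip().lower() for v in tes for c in v.split(",")]
        if codings[-1] != "chunked":
            raise FramingError("Transfer-Encoding must end with chunked")
        return "chunked", None
    if len(cls) > 1:
        raise FramingError("multiple Content-Length headers")  # CVE-2013-4286 class
    if not cls:
        return "none", 0
    if not re.fullmatch(r"[0-9]+", cls[0]) or int(cls[0]) > MAX_CONTENT_LENGTH:
        raise FramingError("Content-Length is not a number that fits a 64-bit long")
    return "length", int(cls[0])

def decode_chunked(data):
    """Decode a chunked body with overflow and trailer guards; return (body, remainder)."""
    out, pos = bytearray(), 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise FramingError("truncated chunk-size line")
        size_field = data[pos:eol].split(b";", 1)[0].strip()  # drop chunk extensions
        if not re.fullmatch(rb"[0-9A-Fa-f]{1,16}", size_field):
            raise FramingError("bad chunk size %r" % size_field)
        size, pos = int(size_field, 16), eol + 2
        if size > MAX_CHUNK_SIZE:
            raise FramingError("chunk size overflows a 32-bit int")
        if size == 0:
            break
        if data[pos + size:pos + size + 2] != b"\r\n":
            raise FramingError("chunk data truncated or missing CRLF")
        out += data[pos:pos + size]
        pos += size + 2
    used = 0  # trailer: header lines up to an empty line, total size bounded
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise FramingError("truncated trailer")
        used += eol - pos + 2
        if used > MAX_TRAILER_BYTES:
            raise FramingError("trailer exceeds %d bytes" % MAX_TRAILER_BYTES)
        line, pos = data[pos:eol], eol + 2
        if not line:
            return bytes(out), data[pos:]

def frame_request(raw):
    """Return (request_line, body, remainder); remainder is the next pipelined request."""
    request_line, headers, rest = parse_head(raw)
    kind, n = body_framing(headers)
    if kind == "chunked":
        body, remainder = decode_chunked(rest)
    elif kind == "length":
        if len(rest) < n:
            raise FramingError("body shorter than Content-Length")
        body, remainder = rest[:n], rest[n:]
    else:
        body, remainder = b"", rest
    return request_line, body, remainder

# Constructed samples: one clean request per framing mode plus one of each abuse.
HEAD = b"POST /a HTTP/1.1\r\nHost: x\r\n"
SAMPLES = {
    "clean": HEAD + b"Content-Length: 5\r\n\r\nhello",
    "chunked_ok": HEAD + b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n",
    "cl_te": HEAD + b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\nGET /admin HTTP/1.1\r\n\r\n",
    "dup_cl": HEAD + b"Content-Length: 5\r\nContent-Length: 0\r\n\r\nhello",
    "cl_overflow": HEAD + b"Content-Length: 99999999999999999999\r\n\r\n",
    "chunk_overflow": HEAD + b"Transfer-Encoding: chunked\r\n\r\nFFFFFFFFF\r\n",
    "trailer_pad": HEAD + b"Transfer-Encoding: chunked\r\n\r\n0\r\nX:" + b" " * 9000 + b"\r\n\r\n",
}

def check(name):
    """Return ("ok", body) or ("reject", reason) for a named sample."""
    try:
        return "ok", frame_request(SAMPLES[name])[1]
    except FramingError as e:
        return "reject", str(e)
```

Calling check() on each SAMPLES key shows the two clean requests decoding to the body hello and the five abusive ones rejected before any body byte is consumed. The remainder returned by frame_request() is the slot a lenient parser hands to the next request, which is exactly where the GET /admin in the cl_te sample would land on a server that trusted Content-Length while a proxy trusted Transfer-Encoding.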

Solution

Upgrade to IBM Storwize version 1.4.3.4 / 1.5.0.2 or later.
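The version test this plugin performs, written out as an added Python example rather than the NASL code itself. The branch table, function names and the dotted-decimal level format are assumptions taken from the ranges stated on this page; note that tuple comparison handles levels of different lengths (1.4 versus 1.4.3.4) without padding.

```python
# Added example, not the NASL plugin's own logic: decide whether a Storwize code
# level falls inside the advisory's affected ranges and which level fixes it.
# Level strings are assumed to be dotted decimal as shown on the page (e.g. "1.4.3.2").

# Affected branch -> first fixed level, as stated in the Description and Solution.
FIXED_LEVEL = {"1.3": "1.4.3.4", "1.4": "1.4.3.4", "1.5": "1.5.0.2"}

def parse_level(s):
    """'1.4.3.2' -> (1, 4, 3, 2); Python compares a shorter tuple as the lower one."""
    parts = s.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError("not a dotted-decimal code level: %r" % s)
    return tuple(int(p) for p in parts)

def required_fix(level):
    """Return the level to upgrade to if `level` is affected, else None."""
    v = parse_level(level)
    fixed = FIXED_LEVEL.get("%d.%d" % v[:2])
    if fixed is None or v >= parse_level(fixed):
        return None
    return fixed

def password_reset_flaw_applies(level):
    """CVE-2014-4811 is stated above to affect only the 1.4.x release levels."""
    return required_fix(level) is not None and parse_level(level)[:2] == (1, 4)

if __name__ == "__main__":
    for lvl in ("1.3.2.0", "1.4.3.3", "1.4.3.4", "1.5.0.1", "1.5.0.2", "1.6.0.0"):
        print(lvl, required_fix(lvl), password_reset_flaw_applies(lvl))
```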

See Also

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004837

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004834

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004836

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004854

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004860

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004861

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004867

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004869

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004835

Plugin Details

Severity: High

ID: 84401

File Name: ibm_storwize_1_5_0_2.nasl

Version: 1.10

Type: remote

Family: Misc.

Published: 6/26/2015

Updated: 11/22/2019

Dependencies: ibm_storwize_detect.nbin

Risk Information

CVSS Score Source: CVE-2014-1557

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:a:ibm:storwize_v7000_software:*:*:*:*:*:*:*:*, cpe:2.3:h:ibm:storwize_unified_v7000:*:*:*:*:*:*:*:*, cpe:2.3:a:ibm:storwize_v7000_unified_software:*:*:*:*:*:*:*:*, cpe:2.3:a:ibm:san_volume_controller_software:*:*:*:*:*:*:*:*, cpe:2.3:a:ibm:storwize_v5000_software:*:*:*:*:*:*:*:*, cpe:2.3:h:ibm:storwize_v7000:*:*:*:*:*:*:*:*, cpe:2.3:h:ibm:storwize_v5000:*:*:*:*:*:*:*:*, cpe:2.3:h:ibm:storwize_v3700:*:*:*:*:*:*:*:*, cpe:2.3:h:ibm:storwize_v3500:*:*:*:*:*:*:*:*, cpe:2.3:h:ibm:san_volume_controller:*:*:*:*:*:*:*:*, cpe:2.3:a:ibm:storwize_v3700_software:*:*:*:*:*:*:*:*, cpe:2.3:a:ibm:storwize_v3500_software:*:*:*:*:*:*:*:*

Required KB Items: Host/IBM/Storwize/version, Host/IBM/Storwize/machine_major, Host/IBM/Storwize/display_name

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/15/2015

Vulnerability Publication Date: 1/3/2007

Exploitable With

Core Impact

Metasploit (Apache Struts ClassLoader Manipulation Remote Code Execution)

Reference Information

CVE: CVE-2013-4286, CVE-2013-4322, CVE-2014-3493, CVE-2014-0178, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2007-6750, CVE-2014-0094, CVE-2014-4811, CVE-2014-3077

BID: 65767, 65773, 68150, 67686, 67667, 67668, 67671, 67669, 68814, 68822, 68824, 65999, 21865, 69771, 69773

CERT: 719225