000032026 - RSA Authentication Manager 8.1 SP1 Multiple Linux Kernel Vulnerabilities - False Positive

Document created by RSA Customer Support Employee on Mar 30, 2017
Last modified by RSA Customer Support Employee on Apr 3, 2017
Version 3

Article Content

Article Number: 000032026
Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
Platform: SuSE Linux 11
Platform (Other): PostgreSQL
CVE ID: CVE-2015-0275, CVE-2015-5156, CVE-2015-5283, CVE-2015-5707, CVE-2015-7613, CVE-2015-7799, CVE-2015-6937
Article Summary: A request for information about seven CVEs:

CVE-2015-0275, CVE-2015-5156, CVE-2015-5283, CVE-2015-5707, CVE-2015-7613, CVE-2015-7799, CVE-2015-6937.


None of the issues are exploitable vulnerabilities in the RSA Authentication Manager 8.x appliance.
 

Link to Advisories:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0275
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5156
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5283
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5707
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7613
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7799
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6937

 
Alert Impact: Not Exploitable
Technical Details: The flaw exists but it is not exploitable
Technical Details Explanation:
Multiple issues (Identifier, Description, Details and Response):

CVE-2015-0275
Description: The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request.
CVSS v2 Base Score: 4.9 (MEDIUM)
Details: A local user could attempt to exploit this issue in the ext4 filesystem to cause a denial-of-service.
Response: The flaw does not exist. The Authentication Manager appliance does not use the ext4 filesystem.

CVE-2015-5156
Description: The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.
CVSS v2 Base Score: 6.1 (MEDIUM)
Details: A system using virtio drivers could be vulnerable to a denial-of-service attack by a local user.
Response: The flaw does not exist. The Authentication Manager appliance has the virtio drivers but does not use them. The appliance may be a virtual machine but no virtual machines run on the appliance.

CVE-2015-5283
Description: The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.
CVSS v2 Base Score: 4.7 (MEDIUM)
Details: Connections using SCTP (Stream Control Transmission Protocol) may be vulnerable to a denial-of-service attack by a local user.
Response: The flaw does not exist. The SCTP protocol is not used by AM (which uses TCP and UDP).

CVE-2015-5707
Description: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.
CVSS v2 Base Score: 4.6 (MEDIUM)
Details: A system using SCSI drivers could be vulnerable to a denial-of-service attack by a local user.
Response: The flaw does not exist. The Authentication Manager appliance has scsi drivers but does not use them.

CVE-2015-7613
Description: Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.
CVSS v2 Base Score: 6.9 (MEDIUM)
Details: Certain IPC objects might not be fully initialized and could allow an unprivileged local user to gain privileges.
Response: The flaw exists but does not add an additional risk. The Authentication Manager appliance is not a general purpose multi-user system and has no unprivileged users who could exploit this issue.

CVE-2015-7799
Description: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call.
CVSS v2 Base Score: 4.9 (MEDIUM)
Details: A system using PPP (point-to-point protocol) or SLIP (serial line IP) drivers could be vulnerable to a denial-of-service attack by a local user.
Response: The flaw does not exist. The Authentication Manager appliance has ppp/slip drivers but does not use them.

CVE-2015-6937
Description: The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.
CVSS v2 Base Score: 7.8 (HIGH)
Details: An attack against RDS (Reliable Datagram Sockets protocol developed by Oracle https://oss.oracle.com/pipermail/rds-devel/2007-November/000228.html) could result in a denial-of-service.
Response: The flaw does not exist. The Authentication Manager appliance does not use “Reliable Datagram Sockets” (RDS).

Notes:
Some issues are described as attacks by local users (such as an unprivileged local user performing an attack to gain privileges or cause an outage), but because the Authentication Manager 8.1 appliance has no unprivileged users, these issues are not considered vulnerabilities and are resolved as: “The flaw exists but does not add an additional risk”.

This indicates that while the local privileged user could, in certain circumstances, attempt to perform the attack, an attack by a privileged user to gain privileges which they already have is not considered a proper vulnerability.
 
The RSA Authentication Manager appliance is a single purpose appliance system (intended to be used for running the AM application) and not a multi-purpose/multi-user system.  The RSA Authentication Manager appliance should not be modified to add other users or applications. (Refer to the Security Best Practices.)
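
The responses above rest on a filesystem, driver or protocol not being in use. As an added example (not RSA's code or procedure), the script below shows one way to check that on a Linux host from the contents of /proc/modules and /proc/mounts. The CVE-to-module mapping and the sample input are assumptions constructed here; CVE-2015-7613 is omitted because the IPC code is part of the core kernel rather than a loadable module.

```bash
#!/usr/bin/env bash
# Added example (not RSA code): report whether the kernel component behind
# each CVE above is loaded or mounted, from /proc/modules and /proc/mounts text.

# CVE:module pairs; module names are the usual upstream ones (assumption).
CVE_MODULES="CVE-2015-5156:virtio_net CVE-2015-5283:sctp CVE-2015-5707:sg
CVE-2015-7799:slhc CVE-2015-6937:rds"

# module_refs NAME MODULES_TEXT -> prints the use count, exit 1 if not loaded
module_refs() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { print $3; f = 1 } END { exit !f }'
}

# fs_mounted TYPE MOUNTS_TEXT -> exit 0 if any mount has filesystem TYPE
fs_mounted() {
    printf '%s\n' "$2" | awk -v t="$1" '$3 == t { f = 1 } END { exit !f }'
}

# triage MODULES_TEXT MOUNTS_TEXT -> one "CVE component status" line per CVE
triage() {
    if fs_mounted ext4 "$2"; then
        echo "CVE-2015-0275 ext4 mounted"
    else
        echo "CVE-2015-0275 ext4 not-mounted"
    fi
    for entry in $CVE_MODULES; do
        cve=${entry%%:*}
        mod=${entry#*:}
        if refs=$(module_refs "$mod" "$1"); then
            echo "$cve $mod loaded refs=$refs"
        else
            echo "$cve $mod not-loaded"
        fi
    done
}

# Constructed sample input (a generic host, not captured from an appliance).
SAMPLE_MODULES='sg 40960 0 - Live 0xffffffffa0000000
jbd 90112 1 ext3, Live 0xffffffffa0200000
ext3 262144 2 - Live 0xffffffffa0100000'
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
proc /proc proc rw 0 0'

# On a live system: triage "$(cat /proc/modules)" "$(cat /proc/mounts)"
triage "$SAMPLE_MODULES" "$SAMPLE_MOUNTS"
```

A module reported as not-loaded was only absent at the time of the check. Kernels can load modules on demand, so a modprobe.d entry such as `install rds /bin/false` is the stronger guarantee that the code stays unreachable.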

 

Disclaimer

Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact RSA Software Technical Support at 1- 800 995 5095. RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, EMC Corporation, distributes RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall RSA, its affiliates or suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
