RSA Authentication Manager 8.2 False Positive Security Vulnerabilities
Originally Published: 2017-04-20
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2
CVE Identifier(s)
Article Summary
Alert Impact
Not Exploitable
Alert Impact Explanation
False Positive
Resolution
| Embedded Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
|---|---|---|---|---|
| Linux kernel | CVE-2016-7916 | Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. CVSS v3 Base Score: 5.5 Medium | Response: The flaw exists but does not pose additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2016-9794 | Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. CVSS v3 Base Score: 7.8 High | Response: The flaw exists but does not pose additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2016-8633 | drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. CVSS v3 Base Score: 6.8 Medium | Response: The flaw does not exist. The RSA Authentication Manager appliance does not support this driver. | 19-Apr-17 |
| Linux kernel | CVE-2017-5551 | The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. CVSS v3 Base Score: 4.4 Medium | Response: The flaw exists but does not pose additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2016-9756 | arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. CVSS v3 Base Score: 5.5 Medium | Response: The flaw exists but does not pose additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2015-1350 | The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. CVSS v3 Base Score: 5.5 Medium | Response: The flaw exists but does not pose additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| ISC BIND | CVE-2017-3135 | A denial-of-service vulnerability that can affect resolvers using both DNS64 and RPZ to rewrite responses for the same view. (There is no description for this issue at NVD.) | Response: The flaw does not exist. The RSA Authentication Manager appliance does not include the ISC BIND named service. | 19-Apr-17 |
Disclaimer