RSA Authentication Manager 8.2 False Positive Security Vulnerabilities
Originally Published: 2017-04-20
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2
CVE Identifier(s)
Article Summary
Alert Impact
Not Exploitable
Alert Impact Explanation
False Positive
Resolution
| Embedded Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
|---|---|---|---|---|
| Linux kernel | CVE-2016-7916 | Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. CVSS v3 Base Score: 5.5 Medium | Response: The flaw exists but does not pose additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2016-9794 | Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. CVSS v3 Base Score: 7.8 High | Response: The flaw exists but does not pose additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2016-8633 | drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. CVSS v3 Base Score: 6.8 Medium | Response: The flaw does not exist. The RSA Authentication Manager appliance does not support this driver. | 19-Apr-17 |
| Linux kernel | CVE-2017-5551 | The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. CVSS v3 Base Score: 4.4 Medium | Response: The flaw exists but does not pose additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2016-9756 | arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. CVSS v3 Base Score: 5.5 Medium | Response: The flaw exists but does not pose additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2015-1350 | The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. CVSS v3 Base Score: 5.5 Medium | Response: The flaw exists but does not pose additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| ISC BIND | CVE-2017-3135 | A denial-of-service vulnerability that can affect resolvers using both DNS64 and RPZ to rewrite responses for the same view. (There is no description for this issue at NVD.) | Response: The flaw does not exist. The RSA Authentication Manager appliance does not include the ISC BIND named service. | 19-Apr-17 |