IBM Support

Security Bulletin: Vulnerabilities in the Linux Kernel, Samba, Sudo, Python, and tcmu-runner affect IBM Spectrum Protect Plus

Security Bulletin


Summary

Vulnerabilities in the Linux Kernel, Samba, Sudo, Python, and tcmu-runner, such as denial of service, elevation of privileges, buffer overflow, directory traversal, information disclosure, and bypassing of security restrictions, may affect IBM Spectrum Protect Plus.

UPDATE 28 January 2022: CVE-2020-8492 for Python - complete fix in 10.1.9 or higher.
UPDATE 12 March 2022: CVE-2021-3156 for Sudo - complete fix in 10.1.10 or higher.
UPDATE 05 May 2022: In the Remediation/Fixes section under "Notes", corrected the CVE number of the sudo vulnerability.

Vulnerability Details

CVEID:   CVE-2020-8492
DESCRIPTION:   Python is vulnerable to a denial of service, caused by a flaw in the urllib.request.AbstractBasicAuthHandler. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a Regular Expression Denial of Service (ReDoS).
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175462 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2020-14323
DESCRIPTION:   Samba is vulnerable to a denial of service, caused by a NULL pointer dereference in the Winbind service. By sending a specially-crafted packet, a local authenticated attacker could exploit this vulnerability to crash the winbind service.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190934 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2020-15436
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in fs/block_dev.c. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges, or cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192171 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2021-3156
DESCRIPTION:   Sudo is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when parsing command line arguments. By running "sudoedit -s" with a command-line argument that ends with a single backslash character, a local attacker could overflow a buffer and execute arbitrary code on the system with root privileges. This vulnerability is also known as Baron Samedit.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195658 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2021-3139
DESCRIPTION:   Open-iSCSI tcmu-runner could allow a remote attacker to traverse directories on the system, caused by a flaw in the xcopy_locate_udev in tcmur_cmd_handler.c. An attacker could send a specially-crafted XCOPY request to read or write arbitrary files on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194936 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2020-35513
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a flaw in which the umask is applied incorrectly during file or directory modification in the NFS (network file system) function. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195545 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2020-35508
DESCRIPTION:   Linux Kernel could allow a local attacker to bypass security restrictions, caused by a race condition and incorrect initialization in the handling of child/parent process identification. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass checks to send any signal to a privileged process.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198870 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Third Party Entry:   189303
DESCRIPTION:   Linux Kernel romfs information disclosure
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189303 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
IBM Spectrum Protect Plus | 10.1.0-10.1.7

Remediation/Fixes

IBM Spectrum Protect Plus Release | First Fixing VRM Level | Platform | Link to Fix
10.1 | 10.1.8 (see Notes) | Linux | https://www.ibm.com/support/pages/node/6415111

Notes:
=====
CVE-2020-8492 - Python
The 10.1.8 fix was incomplete.  Complete fix is in 10.1.9 or higher.  Link to 10.1.9: https://www.ibm.com/support/pages/node/6487159
CVE-2021-3156 - Sudo 
The 10.1.8 fix was incomplete.  Complete fix is in 10.1.10 or higher.  Link to 10.1.10: https://www.ibm.com/support/pages/node/6552532
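
The fix levels above can be checked against an installed level with a short script. This is an added example, not IBM code: the table is transcribed from this bulletin, and the ordering of results (network-reachable entries first, then descending base score) is a triage choice assumed for the example. Levels are compared numerically because a plain string comparison would rank 10.1.10 below 10.1.9.

```python
import re

# Transcribed from this bulletin: (id, component, base score, CVSS 3.0 vector,
# first Spectrum Protect Plus level carrying the complete fix per the Notes).
BULLETIN = [
    ("CVE-2020-8492",  "Python",       5.3, "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "10.1.9"),
    ("CVE-2020-14323", "Samba",        5.0, "AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "10.1.8"),
    ("CVE-2020-15436", "Linux Kernel", 7.8, "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "10.1.8"),
    ("CVE-2021-3156",  "Sudo",         8.4, "AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "10.1.10"),
    ("CVE-2021-3139",  "tcmu-runner",  7.3, "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "10.1.8"),
    ("CVE-2020-35513", "Linux Kernel", 5.5, "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "10.1.8"),
    ("CVE-2020-35508", "Linux Kernel", 6.2, "AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "10.1.8"),
    ("X-Force 189303", "Linux Kernel", 5.5, "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "10.1.8"),
]
FIRST_AFFECTED = (10, 1, 0)  # the bulletin's affected range starts at 10.1.0


def parse_level(text):
    """Turn '10.1.10' into (10, 1, 10) so levels compare numerically, not as strings."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){2,3}", text):
        raise ValueError(f"unrecognised version level: {text!r}")
    return tuple(int(part) for part in text.split("."))


def vector_metrics(vector):
    """Split a CVSS vector such as 'AV:N/AC:L/...' into a {'AV': 'N', ...} dict."""
    return dict(part.split(":", 1) for part in vector.split("/"))


def unfixed(installed):
    """Return bulletin entries still open at `installed`, network-reachable first,
    then by descending base score (ordering is this example's assumption)."""
    level = parse_level(installed)
    if level < FIRST_AFFECTED:
        raise ValueError("level predates the range this bulletin covers")
    still_open = [e for e in BULLETIN if level[:3] < parse_level(e[4])]
    return sorted(still_open,
                  key=lambda e: (vector_metrics(e[3])["AV"] != "N", -e[2]))


if __name__ == "__main__":
    for level in ("10.1.7", "10.1.8", "10.1.9", "10.1.10"):  # constructed inputs
        print(level, [entry[0] for entry in unfixed(level)])
```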

Workarounds and Mitigations

None

Change History

23 April 2021: Initial Publication
28 January 2022: CVE-2020-8492 - complete fix in 10.1.9
12 March 2022: CVE-2021-3156 - complete fix in 10.1.10
05 May 2022: In the Remediation/Fixes section under "Notes", corrected the CVE number of the sudo vulnerability.

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

Document Information

Modified date: 05 May 2022

UID: ibm16445699