IBM Security Update

IBM Security Update

May 11, 2015 0 By Doug Stuman

Affected systems:
IBM and Nvidia Graphics Cards

THE RC4 “BAR MITZVAH” ATTACK

Vulnerability rating:
5 out of 10 on the CVSS scale

The RC4 “Bar Mitzvah” attack for SSL/TLS affects system x IMM and includes the following systems:

System x3630 M3, System x3500 M3, System x iDataPlex dx360 M3 server, System x3650 M2, System x3690 X, System x3500 M2,  System x3650 M3Description of Problem:
Commonly referred to as the “Bar Mitzvah Attack” the RC4 algorithm can allow remote hackers to infiltrate your system and retrieve credit card data or other sensitive information. RC4 stream cipher affects System x Integrated Management Module (IMM) (CVE-2015-2808).

Band-Aid approach remedy:
There are no fixes or workarounds.

Recommended Remedy:
To remedy the situation it is recommended to update IMM to version 1.48 YUOOG8C or later. Firmware updates are available through IBM Fix Central: http://www.ibm.com/support/fixcentral/. Once the firmware has been updated, the following configuration change is recommended using one of the two methods described below:

  1. Select “High Security Mode” in the “Cryptography Management” section accessed through the IMM Web interface on the IMM security page.
  2. Or you can use the following ASU command: asu set imm.ssl_cipher “high security mode.”

Once the fix has been implemented, IBM recommends checking to make sure the fix did not cause any incompatibility issues. It is also recommended to review your entire environment to determine if the RC4 stream cipher is in use in other areas of your environment and take appropriate mitigation to remedy the security flaw.

More Information:
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097660&brandind=5000008&myns=x008&mync=E&cm_sp=x008-_-NULL-_-E

THE “FREAK” ATTACK

Vulnerability rating:
1.2 – 4.3 out of 10 on the CVSS scale

This next threat deals with OpenSSL vulnerabilities and affects the System x Integrated Management Module (IMM) (CVE-2015-0204).

This problem affects the following systems:

System x3550 M3, System x3630 M3, System x3500 M3, System x iDataPlex dx360 M3 server, System x3650 M2, System x3550 M2, System x3690 X5, System x3500 M2, System x3650 M3

Description of problem:
This problem was disclosed on January 8, 2015 by the OpenSSL Project. This includes “FREAK: Factoring Attack on RSA-EXPORT keys” TLS/SSL client and server vulnerability. OpenSSL is used by System x Integrated Management Module (IMM). IMM has addressed the applicable CVEs.

Band-Aid approach remedy:
Disable the EXPORT cipher suites in the LDAP server side that is used by IMM.

Recommended Remedy:
To remedy the situation, it is recommended to update IMM to version 1.48 YUOOG8C or later. Firmware updates are available through IBM Fix Central: http://www.ibm.com/support/fixcentral/.

More information:
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097661&brandind=5000008&myns=x008&mync=E&cm_sp=x008-_-NULL-_-E

WINDOWS PRIVILEGE IMPERSONATION CHECK

Vulnerability rating:
7.2 out of 10 on the CVSS scale

The Windows Privilege Impersonation Check affects NVIDIA Windows Device Driver for use on NVIDIA PCIe cards installed in System x servers (CVE-2015-1170) and affects the following systems:

BladeCenter HS22/HS22V with BladeCenter GPU Expansion Device, BladeCenter HS23/HS23E with BladeCneter GPU Expansion Device, Flex System x220 Compute node with PCIExpress Expansion Node, Flex System x240 Compute node with PCIExpress Expansion Node, System x iDataPlex dx360 M2, System x iDataPlex dx360 M3, System x iDataPlex dx360 M4, System x NeXtScale, nx360 M4, System x NeXtScale nx360 M5, System x3100 M4, System x3200 M3, System x3250 M3, System x3250 M4, System x3300 M4, System x3400 M2, System x3400 M3, System x3500 M2, System x3500 M3, System x3500 M4, System x3500 M5, System x3520 M4, System x3530 M4, System x3550 M2, System x3550 M3, System x3550 M4, System x3620 M3, System x3630 M3, System x3630 M4, System x3650 M2, System x3650 M3, System x3650 M4, System x3650 M5, System x3690 X5, System x3750 M2, System x3750 M3, System x3750 M4, System x3850 X5, System x3850 X6, System x3950 X6

In addition, the following NVIDIA products are affected:

NVIDIA Tesla M2xxx, K10, K20, K40, K80 series GPUs NVIDIA Quadro 6xx, 1xxx, 2xxx, 3xxx, 4xxx, 5xxx, 6xxx, K6xx, K2xxx, K4xxx, K5xxx, K6xxx series GPUs NVIDIA Grid GPUs 

Description of Problem:
The NVIDIA Windows Server 2008 and 2008 R2 Display Driver’s kernel administrator check improperly validates local client impersonation levels in some cases when using the NVIDIA Windows Device Driver for use on NVIDIA PCIe cards installed in System x Servers. NVIDIA’s PCIe cards are functioning within specification; this is a software implementation issue.

Band-Aid approach remedy:
In general, use safe computing practices to mitigate your general risk and:

  1. Use only trusted sources when downloading or executing content or program
  2. Run as many systems as possible without administrator privileges.
  3. If running as an administrator, do not elevate UAC privileges for activities or programs that do not need them.

Recommended Remedy:
It is recommended to apply the following fix for the version specified:

  • R304 -> Version 309.08 or later
  • R340 -> Version 341.44 or later
  • R343 -> Version 345.20 or later
  • R346 -> Version 347.52 or later

Instructions on how to download and apply these updates are available at:

http://www.nvidia.com/Download/index.aspx?lang=en-us

Refer to NVIDIA Answer ID 3634 for patch and upgrade information:

http://nvidia.custhelp.com/app/answers/detail/a_id/3634

More Information:
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097841&brandind=5000008&myns=x008&mync=E&cm_sp=x008-_-NULL-_-E