
Did you know that several security vulnerabilities in the IBM i OS, including some lingering problems with OpenSSL and the ISC BIND delegation handling vulnerability, affect multiple releases of the IBM i OS?



Yes. Importantly, an attacker can take advantage of them to crash impacted servers, so the corresponding PTFs should be applied as soon as possible. Luckily, IBM has recently patched these vulnerabilities.


The more critical vulnerabilities are the ISC BIND delegation handling flaws, which affect the Berkeley Internet Name Domain (BIND) software, specifically the Domain Name Service (DNS). According to the Internet Systems Consortium (ISC), two BIND-related flaws were found in December 2014.

CVE-2014-8500 was the first flaw. It could enable an attacker to exploit an oversight in BIND version 9 that causes BIND to issue an endless number of queries. As a result, resource exhaustion and a crash can occur. ISC rated the first flaw "critical", and the National Institute of Standards and Technology (NIST) gave it a 7.8 on the Common Vulnerability Scoring System (CVSS) because an attacker can easily exploit the vulnerability.

CVE-2014-8680 was the second flaw. It affects the GeoIP features of BIND version 9.10 and can also cause denial of service (DoS) on affected servers. Because CVE-2014-8680 is not easy to exploit, NIST gave it a 5.4 on CVSS.

While CVE-2014-8680 does not affect IBM i, CVE-2014-8500 does. In fact, i5/OS V5R4 through IBM i 7.2 are impacted by CVE-2014-8500. To patch the problem in IBM i, IBM has released three PTFs: SI55866 for IBM i 7.2, SI55748 for IBM i 7.1, and SI55895 for IBM i 6.1. Because it is no longer supported by IBM, V5R4 will not be patched.

IBM has also patched new OpenSSL flaws (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, and CVE-2015-0206). Even though they affect every release of the OS from i5/OS V5R3 through IBM i 7.2, IBM will not patch the old releases of i5/OS. It patched only IBM i 6.1 through 7.2, with PTFs SI56063 (for IBM i 6.1), SI55950 (for IBM i 7.1), and SI55951 (for IBM i 7.2).

Source: itjungle
