News
Abstract
A number of security vulnerabilities have been identified in the OpenSSL libraries that are part of the operating system software included with the vulnerable systems.
Content
VULNERABILITY DETAILS
CVE IDs:
CVE-2013-0166, CVE-2013-0169
DESCRIPTION:
The IBM Smart Analytics System 7600, IBM Smart Analytics System 7700, and IBM Smart Analytics System 7710 are shipped with the IBM AIX operating system. Two security vulnerabilities have been identified in the OpenSSL libraries that are part of the operating system software. See the references section for links to the description of each individual vulnerability.
CVE-2013-0166
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81904 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-2013-0169
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81902 for the current score
CVSS Environmental Score*: Unknown
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
AFFECTED PRODUCTS AND VERSIONS:
IBM Smart Analytics System 7600
IBM Smart Analytics System 7700
IBM Smart Analytics System 7710
REMEDIATION:
FIXES:
Find your product in the table below and use the link in the Download Link column to find the fix provided by IBM. Previously supported Balanced Warehouse environments not listed below require additional investigation to determine vulnerability and the appropriate remediation. Access to the patches on the IBM site is restricted and requires a valid IBM registration ID. Access to the fix packs on the IBM site requires both a valid IBM registration ID and the correct product entitlement in Passport Advantage.
For more information about IBM registration IDs, see: IBM Registration FAQ.
Product | Operating System | Patch/Fix Pack | Version | Download Link |
IBM Smart Analytics System 7600 | AIX 6.1 | OpenSSL patch OpenSSH patch | OpenSSL: 0.9.8.2500 OpenSSH: 6.0.0.6101 | Download the AIX fixes and install using the update instructions. |
IBM Smart Analytics System 7700 | AIX 6.1 | IBM Smart Analytics System 7700 Fix Pack 2.1.1.0 Note: When you install this fix pack, you will update other components in addition to OpenSSL and OpenSSH. | OpenSSL: 0.9.8.2500 OpenSSH: 6.0.0.6101 | Download 7700 Fix Pack 2.1.1.0 (2.1.2.0-IM-ISAS7700) and install using the fix pack installation instructions. |
IBM Smart Analytics System 7710 | AIX 6.1 | IBM Smart Analytics System 7710 Fix Pack 2.1.1.0 Note: When you install this fix pack, you will update other components in addition to OpenSSL and OpenSSH. | OpenSSL: 0.9.8.2500 OpenSSH: 6.0.0.6101 | Download 7710 Fix Pack 2.1.1.0 (2.1.2.0-IM-ISAS7710) and install using the fix pack installation instructions. |
WORKAROUND(S):
None.
MITIGATION(S):
None.
REFERENCES:
RELATED INFORMATION:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
ACKNOWLEDGEMENT:
None.
CHANGE HISTORY:
31-May-2013:
- Original version published.
7-Jun-2013:
- Updated CVSS score and vector for CVE-2013-1069.
- Added 7700 and 7710 remediation details.
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.
Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Was this topic helpful?
Document Information
Modified date:
25 September 2022
UID
swg21634946