Arbitrary Code Execution Vulnerabilities in Multiple IBM Products (CVE-2023-45871, CVE-2023-39320, CVE-2023-51385)

Advisory No: TZCERT/SA/2024/05/24-1

Date of First Release: 24^th May 2024

Source: IBM

Software Affected: IBM Cloud Object System, IBM QRadar SIEM, IBM Security Guardium, IBM Storage Copy, IBM Storage Protect, IBM Storage Scale System, IBM Cloud Pak for Data Scheduling, IBM Spectrum Protect Plus, IBM AIX IBM i, IBM QRadar, IBM VIOS

Overview:

Multiple IBM products are vulnerable to critical vulnerabilities. The attackers can leverage the vulnerability to execute arbitrary code on the affected system.

Description:

Rated at 9.8 and tracked as CVE-2023-45871, CVE-2023-39320, CVE-2023-51385, the vulnerabilities affect Linux kernel, golang, and OpenSSH respectively. The flaws exist as a result of improper bounds checking by the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c in Linux kernel, go.mod toolchain directive in golang and improper validation of shell metacharacters in OpenSSH. The attackers can send specially crafted messages to execute arbitrary code on the vulnerable system.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

IBM has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

1. https://exchange.xforce.ibmcloud.com/vulnerabilities/268717
2. https://exchange.xforce.ibmcloud.com/vulnerabilities/265873
3. https://exchange.xforce.ibmcloud.com/vulnerabilities/275402