Common Vulnerabilities and Exposures Archives

Multiple Security Vulnerabilities Reported In IBM i

April 30, 2018 Alex Woodie

IBM this month revealed an array of security vulnerabilities across IBM i middleware components, including OpenSSL, DHCP, and Java products. Most of the flaws were given a “high severity” rating, and all of them have been patched.

This week’s security fun starts with DHCP (Dynamic Host Configuration Protocol), which is used to automate the management and distribution of IP addresses within a network. According to the April 26 IBM security bulletin, IBM i 7.1, 7.2, and 7.3 are vulnerable to a pair of security vulnerabilities in the underlying DHCP protocol.

The first DHCP flaw, which is identified as CVE-2018-5732 …
Read more
IBM Patches Samba Vulnerabilities In IBM i

April 16, 2018 Alex Woodie

Big Blue has issued two patches for serious flaws in IBM i’s implementation of Samba, flaws that could result in an attacker launching a denial of service attack or changing user’s passwords. The company patched IBM i 7.2 and 7.3, as support for IBM i 7.1 wanes.

On April 3, IBM published a security bulletin informing users of the existence of two flaws in IBM i, as well as the existence of two program temporary fixes (PTFs) to patch the problems. Both of the flaws involve Samba, a free and open source implementation of the SMB/CIFS protocol to provide interoperability …
Read more
IBM Patches ‘ROBOT’ Flaw in IBM i Crypto Library

February 21, 2018 Alex Woodie

IBM has issued patches to fix a serious security problem in the IBM Global Security Kit, or GSKit, a relatively obscure crypto package that implements SSL/TLS encryption algorithms across a variety of IBM products, including IBM i. An old flaw in the underlying RSA crypto algorithm that could let hackers decrypt data in a “side channel” attack has resurfaced under a new moniker: “ROBOT.”

GSKit is an IBM toolkit that implements various encryption-related functions, including symmetric and asymmetric ciphers, random number generation, hashing algorithms, and encryption key management capabilities, for products that need over-the-wire encryption, including IBM i, Linux, and …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search

Multiple Security Vulnerabilities Reported In IBM i

IBM Patches Samba Vulnerabilities In IBM i

IBM Patches ‘ROBOT’ Flaw in IBM i Crypto Library

Content archive

Recent Posts

Subscribe

Pages

Search