Details of VAR-201509-0337

ID

VAR-201509-0337

CVE

CVE-2015-5185

TITLE

sblim-sfcb of providerMgr.c of lookupProviders Service disruption in functions (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-004996

DESCRIPTION

The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. SBLIM-SFCB is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions

Trust: 1.89

sources: NVD: CVE-2015-5185 // JVNDB: JVNDB-2015-004996 // BID: 91212

AFFECTED PRODUCTS

vendor:	standards based linux instrumentation	model:	sblim-sfcb	scope:	eq	version:	1.3.18	Trust: 1.6
vendor:	standards based linux instrumentation	model:	sblim-sfcb	scope:	eq	version:	1.3.4	Trust: 1.6
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.2	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.1	Trust: 1.0
vendor:	novell	model:	opensuse	scope:	eq	version:	13.1	Trust: 0.8
vendor:	novell	model:	opensuse	scope:	eq	version:	13.2	Trust: 0.8
vendor:	standards based linux instrumentation sblim	model:	small footprint cim broker	scope:	eq	version:	1.3.18	Trust: 0.8
vendor:	standards based linux instrumentation sblim	model:	small footprint cim broker	scope:	eq	version:	1.3.4	Trust: 0.8
vendor:	sblim	model:	sblim-sfcb	scope:	eq	version:	0	Trust: 0.3
vendor:	ibm	model:	rackswitch g8264cs	scope:	eq	version:	7.8.13.0	Trust: 0.3
vendor:	ibm	model:	integrated management module for system yuoo	scope:	eq	version:	x	Trust: 0.3
vendor:	ibm	model:	integrated management module for bladecenter yuoo	scope:	-	version:	-	Trust: 0.3
vendor:	ibm	model:	flex system fabric si4093 system interconnect module	scope:	eq	version:	7.8.13.0	Trust: 0.3
vendor:	ibm	model:	flex system fabric en4093r 10gb scalable switch	scope:	eq	version:	7.8.13.0	Trust: 0.3
vendor:	ibm	model:	flex system fabric en4093 10gb scalable switch	scope:	eq	version:	7.8.13.0	Trust: 0.3
vendor:	ibm	model:	flex system fabric cn4093 10gb converged scalable switch	scope:	eq	version:	7.8.13.0	Trust: 0.3
vendor:	ibm	model:	flex en2092 1gb ethernet scalable switch	scope:	eq	version:	7.8.13.0	Trust: 0.3
vendor:	ibm	model:	rackswitch g8264cs	scope:	ne	version:	7.8.14.0	Trust: 0.3
vendor:	ibm	model:	integrated management module for system yuooh3a	scope:	ne	version:	x-1.52	Trust: 0.3
vendor:	ibm	model:	integrated management module for bladecenter yuooh3a	scope:	ne	version:	-1.52	Trust: 0.3
vendor:	ibm	model:	flex system fabric si4093 system interconnect module	scope:	ne	version:	7.8.14.0	Trust: 0.3
vendor:	ibm	model:	flex system fabric en4093r 10gb scalable switch	scope:	ne	version:	7.8.14.0	Trust: 0.3
vendor:	ibm	model:	flex system fabric en4093 10gb scalable switch	scope:	ne	version:	7.8.14.0	Trust: 0.3
vendor:	ibm	model:	flex system fabric cn4093 10gb converged scalable switch	scope:	ne	version:	7.8.14.0	Trust: 0.3
vendor:	ibm	model:	flex en2092 1gb ethernet scalable switch	scope:	ne	version:	7.8.14.0	Trust: 0.3

sources: BID: 91212 // JVNDB: JVNDB-2015-004996 // CNNVD: CNNVD-201509-566 // NVD: CVE-2015-5185

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5185
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-5185
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201509-566
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2015-5185
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2015-004996 // CNNVD: CNNVD-201509-566 // NVD: CVE-2015-5185

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2015-004996 // NVD: CVE-2015-5185

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-566

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 91212

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004996

PATCH

title:	openSUSE-SU-2015:1571	url:	http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html	Trust: 0.8
title:	Standards Based Linux Instrumentation	url:	http://sourceforge.net/projects/sblim/files/	Trust: 0.8
title:	sblim-sfcb Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=57822	Trust: 0.6

sources: JVNDB: JVNDB-2015-004996 // CNNVD: CNNVD-201509-566

EXTERNAL IDS

db:	NVD	id:	CVE-2015-5185	Trust: 2.7
db:	OPENWALL	id:	OSS-SECURITY/2015/08/21/2	Trust: 2.4
db:	BID	id:	91212	Trust: 1.3
db:	JVNDB	id:	JVNDB-2015-004996	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-566	Trust: 0.6

sources: BID: 91212 // JVNDB: JVNDB-2015-004996 // CNNVD: CNNVD-201509-566 // NVD: CVE-2015-5185

REFERENCES

url:	http://www.openwall.com/lists/oss-security/2015/08/21/2	Trust: 2.4
url:	http://lists.opensuse.org/opensuse-updates/2015-09/msg00019.html	Trust: 1.6
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172659.html	Trust: 1.0
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172667.html	Trust: 1.0
url:	http://www.securityfocus.com/bid/91212	Trust: 1.0
url:	http://lists.fedoraproject.org/pipermail/package-announce/2015-november/172634.html	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5185	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5185	Trust: 0.8
url:	http://sourceforge.net/projects/sblim/	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1255587	Trust: 0.3
url:	https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099487	Trust: 0.3
url:	https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099394	Trust: 0.3
url:	https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5099388	Trust: 0.3

sources: BID: 91212 // JVNDB: JVNDB-2015-004996 // CNNVD: CNNVD-201509-566 // NVD: CVE-2015-5185

CREDITS

Qinghao Tang from QIHU 360.

Trust: 0.3

sources: BID: 91212

SOURCES

db:	BID	id:	91212
db:	JVNDB	id:	JVNDB-2015-004996
db:	CNNVD	id:	CNNVD-201509-566
db:	NVD	id:	CVE-2015-5185

LAST UPDATE DATE

2024-11-23T22:13:23.625000+00:00

SOURCES UPDATE DATE

db:	BID	id:	91212	date:	2016-10-03T01:01:00
db:	JVNDB	id:	JVNDB-2015-004996	date:	2015-10-01T00:00:00
db:	CNNVD	id:	CNNVD-201509-566	date:	2015-09-30T00:00:00
db:	NVD	id:	CVE-2015-5185	date:	2024-11-21T02:32:31.403

SOURCES RELEASE DATE

db:	BID	id:	91212	date:	2015-08-20T00:00:00
db:	JVNDB	id:	JVNDB-2015-004996	date:	2015-10-01T00:00:00
db:	CNNVD	id:	CNNVD-201509-566	date:	2015-09-30T00:00:00
db:	NVD	id:	CVE-2015-5185	date:	2015-09-28T20:59:01.937